The Technology blog and podcast

What made twitter so successful? The blue checkmark

This article is quite interesting. From the EFF, Without Verification, What Is the Point of Elon Musk’s Twitter? is the article title.

I can see what the author of this article is getting at. There were good reasons to be verified, like Brian Krebs for example, a reporter who covers the underground. I’ve been seeing toots from him saying he’s not interested in Twitter anymore.

One other superstar, Lebran James, the basketball player for the Lakers, made it clear he won’t pay for his checkmark.

I saw that tweet pop up on my account(s) through my phone, even though I don’t follow him.

Suffice it to say, it looks like it’ll be true where Twitter will try to sell verification once again through forcing people to pay for the privelage of having the mark.

I personally will not pay for any of my accounts, and I’ve already lost the most important thing, two factor.

I guess we’ll see what happens with the product in the coming months.

Sobering stats, like Twitter being practicly last doesn’t surprise me in the least.

Have you read this article and what did you think?

Comments (0)

I just love emails like this one

So, after being on the phone for a bit, trying to look to see what i want to blog.

Maybe this email can go in to the musings category as I don’t even think they looked at my site. I don’t have instagram.

---

This message was sent from: https://personal.jaredrimer.net/contact.htm
————————- COMMENTS ————————-

Hi there,

We run an Instagram growth service, which increases your number of followers both safely and practically.

• – Guaranteed: We guarantee to gain you 400-1200+ followers per month.
• – Real, human followers: People follow you because they are interested in your business or niche.

<

• – Safe: All actions are made manually. We do not use any bots.

The price is just $60 (USD) per month, and we can start immediately.

If you are interested, and would like to see some of our previous work, let me know and we can discuss further.

Kind Regards,
Megan

---

---

Have you visited my web site and where on it does it show an instagram account? Its probably a bot filling out something and giving out something that probably isn’t true. I’m not going to pay $60 for something I don’t have. Even if I did, how could I verify they were real humans like you say? How fun.

Comments (0)

This week on Throwback Saturday night’s security hour

Hello folks,

Starting this week, Throwback’s security hour will include show notes as part of the upload process.

This week, we’re going to talk about that big story about the breach that occurred in two countries and of course the team will talk about the other topics that were posted to TSB and other places they may read.

Want to listen to Throwback Saturday Night? Go over to the listen page of the mix and select server 2.

The program starts at 8 central time, 6 pacific time for the security hour portion of the show. Throwback itself goes from 7 PM to 9 PM station time, 5 to 7 PM pacific time.

Here are the notations for tomorrow’s program.

---

On this edition of the program the blog post linked herein is titled Kiwibank counting customers … major breach at Latitude lending company. If you are in New Zealand or Australia, you must read this because you might be affected. Kiwibank is not totally at fault here, but they must try to figure out what happened and help their partner in dealing with this issue.

Other articles that might be discussed may include but not limited to:

• Twitter’s source code leaked to GitHub
• Breach Forums has three articles
• your verification status
• Strange Texts pretending to be Google? Not so fast

Thanks for listening to the show, and do make your voice heard!

---

I hope you’ll come listen to us and email your thoughts about what is said. If you want to join us and you don’t have an account on TeamTalk for the mix, contact us and request one. We’ll get back to you as quickly as possible.

Thanks so much for listening!

Comments (0)

The Security box, podcast 137: What’s going on with Sandworm?

Hello everyone. Welcome to the Security box, podcast 137.

While I’m ok with this week’s program, I’ll be posting other podcast announcements. Sorry for any delays.

If you didn’t get the podcast through RSS, don’t worry. We’ve got you covered! Here is the 177.6mb file for you to have.

Now, without any further ado, here are the show notes for this program, and I hope you enjoy it as much as we have putting it together for you!

---

Welcome to the Security box. This is podcast 137 of the program and we’re not slowing down. At least, not yet. On this edition of the program, we’ve got at least one moron of the podcast, we’ve got a very interesting update on Sandworm and of course we’re going to have some great news items as well as anything else from the audience.

Morons of the podcast

This blog post titled Kroger has serious breach, affects 82,000 people of postal prescription issues should be spotted. While Kroger is well-known for their super market chains, they apparently have a pharmacy department and that is what we’re talking about here.

They have the capability of sending prescriptions through the mail, and 82,000 people were recently notified.

This is going to get very interesting.

Two U.S. Men Charged in 2022 Hacking of DEA Portal was sent to TSB. Hacking in to a DEA portal that many agencies use must be put in as the moron of the podcast for sure. Nick messaged while show notes were still being put together and this was mentioned via voice. Great one, guys!

Some news items

Some of the news items may include but not limited to:

• Opinion piece: article talks about how TikTok didn’t make a case for itself
• Move out of the way, 55 vulnerabilities tracked in 2022 and these are zero-days
• Another hacking forum shut down … this is the breach forums
• 306,000 plus out of 476,000 plus domains reported as phishing

Some we may have talked about, but these may be some that people could be braught up. Feel free to check out the accompanying articles and let us know what interests you!

I happened to pop on Facebook for my once in a while look. Someone I follow happened to like Q-Link Wireless. OK, that’s cool, but we need to remind people that Q-Link may be good for free cell phone service, but what about your privacy and safety? TSB will not tell you what you should use, just putting news out there about the things we read.

Why is there “no password required” when accessing accounts? What not to do when setting up accounts for services podcast 39’s blog post

NVDA is now released for 2023.1. This blog post talks about what’s up with it with a link to the release.

Topic: Sandworm

Did you read Sandworm? This is the blog post about the book titled: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers and here is the book review titled: Book review: Sandworm.

We found a very interesting article which we may have blogged. The blog post is titled Russia’s Sandworm hackers blamed in fresh Ukraine malware attack from Cyberscoop’s site.

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Thanks so much for listening, make it a great day!

Comments (0)

Last Week’s Security Box, podcast 136: Vice Society

We’re really late on this one, and I’ve got to get better at this. I’ve been busy of late, but I think we’ll be OK.

Last Week, we talked about a group called Vice Society. They’ve been the newest trouble maker out there, but they’re not the only ones to say the least.

While we got this on RSS, we’ve not gotten it up on the blog like we normally do. Truly sorry about that!

Did you not get it through RSS? Don’t have a way to get it through RSS? Here is the 170.6mb file for you to have.

We’ll make sure that we get the shows up in more timely manner and we apologize for the delay.

Here are the show notes for those who want to follow along and actually read what we were using and of course read the perfect moron of this podcast.

---

Hello everyone, welcome to podcast 136 of the security box. On this edition of the program, we’re going to talk about a group that has quite a bit up its sleve. We also have a bunch of news from around the landscape, a familiar foe that could in theory get the moron of the podcast yet again and much more. We hope that you enjoy the program and thanks for listening!

Possible moron

I wrote a thought article on my blog with no accompanying article. Here is that blog post titled TikTok says: “We’re embedded” in to the operating system. I am not sure if this will be it, and if someone puts something else in, we’ll add it to this list. We could in theory add this blog post about Bite Dance Surveiling journalists to this too.

Topic: Vice Society

This blog post titled Vice Society Ransomware Group Targets Manufacturing Companies is probably the beginning. This seems to be a new group and it seems pretty dangerous. While it hasn’t targetted the United States yet, we know that anything is possible in this crazy world.

Supporting our podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Thanks so much for reading, and make it a great day! We hope you enjoy the podcast.

Comments (0)

Now, there’s an app for IOS for Chat GPT

I’m not against Chat GPT or its varying names at all. In fact, it could be very useful, and I’ve seen this community of mine comment on it.

I’ve just chosen not to use it, but maybe some day I could see the use of it. While I watch to see what it does, I spotted this Imore article for the second time. Its titled ChatGPT comes to iPhone with Perplexity, offering its own AI assistant on iOS which is interesting to read.

The app is called Perplexity and this means that this popular application can be used practicly anywhere on the IOS ecosystem.

As I said, I’ve not used Chat GPT, but I’ve been reading articles on both sides.

I’ll watch Apple Vis to determine if people download this and watch to see what it is labeled accessibility wise.

Let’s pass it on, and see where this goes.

Comments (0)

A very interesting musing thought piece

I’ve been dealing with tech stuff today, so the blog hasn’t been a priority.

I saw this musing piece through a boost. I wonder what people think of this?

Devin Prater: Boosting Earthshine (earthshine): I have not been seeing nearly enough discussion about what is poised to be one of the most dangerous bills to move through congress this decade.

For those not in the know, Senate Bill 686 The RESTRICT Act in its current form grants sweeping authority for the U.S. government to prosecute, fine, and imprison any person whom–among *many* other things–uses a VPN to access any “app” operated by a “foreign adversary” of the U.S.

The wording of the bill is so broad and vague that it can criminalize a wide range of technologies, and potentially even ensnaring U.S. citizens for conspiracy simply on the basis that they use a VPN that the US gov. can’t snoop on and see what they’re doing with it.

Let that sink in–you could face a minimum of 20 years in prison and from $250,000 up to $1,000,000 in fines, just for protecting your online privacy with a VPN, and your only recourse is to appeal in the D.C. circuit court.

The bill’s sponsors pinky promise it won’t be used for that, and it’s only meant to catch foreign actors engaged in subterfuge etc, but the language to back that claim just isn’t there. The anti-circumvention penalties and restrictions essentially put at risk anyone whom engages in any activity using these technologies due to the fact that if the technology is working, then the government can’t see what you’re using it for, and therefore simply using it could be used as the basis for charges of conspiracy to circumvent.

It is abundantly clear that if this passes, it can and will eventually be used to target anyone engaging in activities the government or its corporate sponsors don’t like.

This isn’t a slippery slope. It’s a lubed up vertical waterslide straight to weaponizing the acting regime’s list of potential “threats” against citizens engaging in protected speech.

Don’t just write your representatives. Call them. Demand that they oppose this bill, and vow to actively campaign for their opponents if they won’t.

If this passes, then ultimately no speech is protected in the U.S. It is 100% unconstitutional, but do you really trust our current courts stacked with political operatives to shoot it down?

Read the bill and see related info here:

link to Congress’s site for the bill

Go here to find your representatives and how to contact them about it:

rep finder

Here’s more reading on the bill and how it affects us:

link 1 from Reason
link 2 from Vice
daily dot link 3 for jail time on VPN use
link 4 for a discussion

??
?

I’m leaving the emotes in, but they’ve been removed for reading purposes for the show. Might be worth musing about.

Comments (0)

What has been posted to EMHS? Posting date March 29, 2023

Hello folks,

Welcome to what’s been posted lately.

Some of the articles we’ve covered here on the blog, while others may not.

While I have books I’d love to put up, I just haven’t gotten there yet with my busy schedule.

Since its only articles this week, here’s what’s been posted.

• Use Windows? The screenshot tool contains a dangerous flaw – Update now komando.com: March 27, 2023
• Kiwibank counting customers whose ID data was stolen in massive Latitude privacy breach stuff.co.nz: March 27, 2023
• Don’t fall for this Google scam about a compromised account komando.com: March 24, 2023
• As voice-cloning becomes easier, take this one step with your family members to stay safe komando.com: March 22, 2023

I know there hasn’t been a bunch of stuff, but we’re trying to make it high quality.

I’ll have time to do books this week before I’m out next week again, so we’ll see how things go.

In the meantime, if you have anything that you’d like us to cover, please feel free to let us know and I’ll be sure to take a look.

I’m sure that I’ve not covered a bunch of stuff I’ve seen on the list and I need to get better on that.

Thanks so much for reading!

Comments (0)

Windows Defender is going rogue, Microsoft knows, could happen to any product

With any type of antivirus or antimalware program, you’re going to have issues every once in awhile. Windows Defender is no exception and the fact is, they’re working on it.

While I’ve knocked defender for its inability to remove things I’ve gotten that are clearly a problem, they’re definitely trying.

I’ve never seen a URL blocked or be told that it is malicious with the huge amount of suspicious things I’ve gotten, even before I got malwarebytes which doesn’t tell me of malicious URL’s.

I do have to hand it to Microsoft though, this is one that could happen to any product that anyone who reads this could use.

The article is titled Microsoft confirms Defender has gone rogue as it’s flagging legit links as malware is the URL that you need to read if you want more detail.

Its OK for issues to crop up. What are you going to do to fix it? That will be the question., one which is being worked on as we speak.

Comments (0)

This article has it right, TikTok challenges are a big problem, parents must get involved

With the ban of TikTok looming, I’ve said for awhile now that it may not solve the problems it apparently has been the prime target of.

I normally don’t use sites like KNX to get tech news, but I look occasionally to see what’s going on.

The article is titled Psychologist talks about TikTok trend that sent Orange County woman to hospital and I thought it was an interesting title for the article.

I’ve read it and its a few minutes. It talks about the fact that teens especially don’t have the thinking skills to make sound decisions.

Its not necessarily TikTok’s problem, although we know that these challenges are only on this platform from what I can gather.

They link to a challenge to where someone put a bucket on someone’s head and filmed the results. I don’t know what was in the bucket or what but it did send someone to the hospital.

It links to an interview which was done with this psychologist.

This proves that social media can have anything they want on there and without moderation to determine if it violates rules or could be dangerous, its an unmoderated platform.

It links also to this challenge from what I could gather.

I’m posting this to the tech blog for people to see what’s going on.

The article also indicates that parents should get involved. Social Media will not get involved with things like this. Parents must ask children what they expect and get them to understand rationally.

I guess we’ll see what eventually happens. Its all about belonging and fitting in socially, says the article. There’s plenty more, feel free to read the article and then let us know what you think.

Comments (0)

MacStealer steals passwords, all kinds of documents, credit card data, more

Hello folks,

The blog is going to be minimal as I was gone again today. MacStealer malware grabs iCloud passwords, files, and credit card details is the article and its dangerous if you should find it.

While it is embedded within an app most of my readers would not want, if you do happen to find it, it will steal your passwords from Apple Keychain, credit card data, files including text, word, JPG picture files and even get data out of browsers such as Chrome, firefox and microsoft brave.It can also get data from zip files with the zip extension.

While Mac was updated monday, its unclear if this has been fixed in the newest version, but it can be fixed a different way.

Please feel fre to look at the article for complete details if you wish to do so. Quoted material from another source was also in this article with details too.

Thanks for reading!

Comments (0)

I bet people will say that twitter is dying

i saw this on Mastodon today. Twitter is dying was written at Tech Crunch.

With all of what Mr. Musk has done, this doesn’t necessarily surprise me. I’m not one of these people who is adicted, but at the same time, I try to get information out about whatever it is I’m reading, writing or the like.

I’m not sure what to think of all of these changes, maybe there is a point to this article and i’m going to put it up for discussion.

What do people think?

Comments (0)

Mac, Watch and other releases

Last night, I spotted this apple vis post talking about Mac, Watch, TV and others that were also released.

I didn’t go over there when I wrote yesterday’s post, so please take a look.

Comments (0)

Moron of the podcast, 2 U.S. men accused of hacking arrested

This will be this week’s moron of the podcast, at least one of them. Two U.S. Men Charged in 2022 Hacking of DEA Portal is the Krebs article which talks about 2 men who were recently arrested.

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

Learn more about the EDR problem by listening to podcast 94 which is available to download. You never know who is swept up in these types of requests and I felt that this was important for this community I serve to have.

Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh — a.k.a “Weep” — a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, NY, who allegedly went by the handles “Convict” and “Ominus.”

To add insult to injury, one paragraph after skipping a bunch of paragraphs says:

The complaint says once they obtained a victim’s information, Singh and Ceraolo would post the information in an online forum. The government refers to this community only as “Forum-1,” saying that it is administered by the leader of ViLE (referenced in the complaint as “CC-1”).

There’s a lot more, and this will be linked within our show notes when the podcast is made available.

Guys, welcome to the moron of the podcast, and let’s see what happens with this case.

Comments (0)

TikTok now has Pixels?

We know that Facebook and Twitter and even Instagram have buttons to click on to share info. Soon, Mastodon will be incorporated in to WordPress. But did you know that there can be hidden or maybe visible icons called Pixels that report back to companies?

You’ve probably known of this in email communication, but maybe not on the web.

TikTok collects data that includes search and browsing history, facial ID, voice prints, texts, location, and photos. Here’s a wrinkle: You can watch the videos without creating an account. Is that safe to do? The answer below will shock you.
Talk to your kids

On top of this, there are the viral challenges. This is a link to the episode dealing with stupid parents and TikTok challenges.

According to komando’s article:

The Wall Street Journal reports that children with TikTok accounts are sending screen recordings of videos to their friends who can’t access the app themselves. Kids are filling their phones with these video clips to the point where they can’t even update them.

Don’t fear. Those who have TikTok are sending screen recordings of the videos to those that don’t have the service. Usually, teens send them to their friends, says the article.

On top of it, someone can upload these videos elsewhere like Youtube. Sure that would be OK, but it can also be linked to TikTok in which they may collect data such as your IP even if you don’t have an account.

We know that there are a lot of scams out there. Remember the blog post dealing with the remains of a loved one? Here is that blog post if you need a reminder.

I’m not going to go so far as to say that TikTok is a national security problem. Facebook, Twitter and Instagram also have pixels and buttons to share things. But TikTok is more at the forefront because of the fact that it doesn’t even follow Coppa law, let alone other laws as far as we know.

There’s more that Kim has in her column. Its titled TikTok’s Dark Side: Why it’s more than just a fun app & you need to remove it which was written a couple of days ago. I saw this in the newsletter and it does open my eyes on why I don’t use the app.

Thanks Kim for continuing to open our eyes on what a danger the app we don’t need is, and I hope people give this a read.

Comments (0)

The Phishing has started re: Twitter Blue and verification

The Following was a boost. Please be aware of this one.

Celeste, AKA DJ Celrock!: Boosting Dwight Silverman (dsilverman): If you’re a legacy verified user on Twitter, beware: A phishing email is playing on the news that original verified users will lose their blue check marks on April 1. I tapped on the “Read verification policy” button, thinking this may be real, and it took me to a Twitter sign-on page that was not on a Twitter URL. Fortunately, It didn’t attempt to place malware on my iPhone, but it could have.

Be careful out there, and please boost.
#infosec
Image 1: Phishing email playing off news that Twitter is ending its legacy verified program. It reads:

Hello, e« Loss of verified status <> Yesterday at 4:43 AM To:

W Helo Dwight Silverman, @ We updated our verification policy on verified accounts, and you could be affected. Please read the rules and make any necessary changes by March 27, 2023. In accordance 1 the Twitter Terms of Servic Twitter may remove the blu fied badge anc fied status of a Twitter account at any time and fthout notice Help | Not my account | Emall securly tips Tuiter, . 1355 Marke Sreet, Sue 900 San Francisco, GA 94103

I’ll give bonus points if you can name what is wrong here. Glaring issues here I think.

Comments (0)

Use the Snipping tool in Windows? Better update that

I’m reading Kim Komando, and it is talking about the snipping tool for photos.

While a good majority of users that may read this may not use it, I’m about information sharing. Use Windows? The screenshot tool contains a dangerous flaw – Update now is the article from today’s newsletter.

I found it interesting even though I only use print screen for screen shots when needed. I didn’t know there was a tool for Windows 10, but then again, when you can’t see well enough for images, you will not have a need for such a tool.

If you’re affected, better make sure you’re updated.

Comments (0)

More information is out on the Chinese app removed from Google Play

Hello silent readers,

Android app from China executed 0-day exploit on millions of devices was written by Dan Goodin from Ars. I spotted this on Mastodon when Brian Krebs put it out as a Toot and mentioned he’d have to update his reporting of this as it had more information.

As usual, the company didn’t comment for follow up questions, but they denied having anything to do with malicious copies of their apps being removed in the Google Play store which is hard to access from China to begin with.

The perspective of both Brian and Dan on this brings out questions like what China is really up to. If its got this many vulnerabilities that are exploited in their apps, and they were the ones to put the app out, then they should be responsive and give their users a proper experience shoudln’t they?

This is going to get interesting.

Comments (0)

IOS 16.4 is now available

Boosts of Apple’s IOS 16.4 are coming out. iOS 16.4 is now available for everyone: Here’s what’s new from Mac Rumors talks about the things that are new including emogies and voice isolation being two of them.

One of the 9 items in here does talk about accessibility changes. It says:

• VoiceOver support for maps in the Weather app

I will definitely have to check this one out.

One of the biggest things that might help those who experience seizures is an item about dimming video when flashes of light are detected. That item in the list says:

• Accessibility setting to automatically dim video when flashes of light or strobe effects are detected

This is Apple Vis’s blog post on the topic which does quote the above article but also highlight other fixes that are documented that seem to be resolved for blind and low vision users.

Please feel free to check out these articles and apply the update when it is practical to do so.

Thanks again for reading and thanks for also listening to our programming.

Comments (0)

NVDA 2023.1 is now available

For Immediate Release:

NVDA 2023.1 is now released. In this release is something that I’m proud that I had a hand in.

Multiple screen readers have the capability of allowing you to see where a link goes. Now, we can write up a guide for the major screen readers and operating systems, but I still need to get to Android which I’ll be doing.

The keystroke nvda+k (ins+k) will be used to give you the information about the link that may just say “Click Here.” You can see exactly where it goes by pressing the command twice. The first press will speak it, and if memory serves, flash it on your braille display.

I would like to publicly thank Quentin Christensen, NVDA trainer and manager for taking my feedback to heart and working with the community of people who can develop this for those that use this popular screen reader.

Here is the news release for those who need and want to read it. It contains information on NVDA adons which may not work, the list of fixes for this release and links to donate if possible.

Thanks so much for your support.

Comments (0)

Older Posts »

go to sections menu

---