The Technology blog and podcast

Servers running salesforce leaking sensitive data

Still catching up on Mastodon and finding something else that we should blog.

Some disabled people may be using software called Salesforce. I’ve not used it, and I’ve got no experience with it, but from what I’ve read, it seems like a well off piece of software.

I did spot the Krebs article in my RSS and I haven’t had a chance to read it. Many Public Salesforce Sites are Leaking Private Data is the name of his article.

While I’ve not read hthat one, I did read the Ars Technica article. Sensitive data is being leaked from servers running Salesforce software was the article written by them.

Their reporting does talk about Brian’s article, so I’ll be sure to send that one to the list. I’ll have to somehow remember that I’ve blogged it, but that’s what searching the blog will produce.

The ars technica article was a great read, and something that people who use this software will need to read. You may want to pass this along to the people who help you run your server.

Thanks for reading!

Comments (0)

9 to 5 mac says: There are fake ear pods out there

I did hear something or maybe spotted something about a shipment of fake earpods that were picked up.

I don’t remember what I spotted or heard, but still catching up on Mastodon brings up this 9 to 5 mac boost with an article titled Inside the world of TikTok-inspired fake AirPods scams (and how to protect yourself).

Now, I am not necessarily surprised that the scams are being started on the not so popular site, TikTok. Should this surprise you?

I don’t know how us disabled people, especially those who are blind, will be able to tell that the potential pods are fake besides taking them to the apple store as discussed in this article.

There are courses being sold on how to pull this off on TikTok and teens even going so far as to say they’re made exactly like the real ones too. The article indicates that they use real serial numbers which are checked with Apple and found to be valid serial numbers.

I’d check this article out, and be aware of what’s going on at least.

I thought of buying the newer model, even at $250, and I baught mine through Amazon and have had no issues.

Stay safe!

Comments (0)

This is one that anyone could fall for a clever Gmail trick to win prizes … or the lack there of

Google Scams seem to be prevalent these days, says Phone Arena. This one says that you’ve won a prize of some sort and may be in your email or a popup.

Beware of this easy-to-fall-for Gmail scam says that us tech folk could be tricked and its possible.

The text of the potential scam is in the article for us to read. Thanks Phone Arena for doing this.

If you’re a Gmail user, better pay attention to this, it may hit your inbox.

Pass the news on, stay safe, and thanks for reading.

Comments (0)

We’ve talked about Amos, but here’s another article on it

We recently blogged about Atomic Stealer, otherwise known as Amos.

I ran across a short article that would be written the way Kim has their articles written. Not exactly, but similar.

New malware targeting macOS users is being sold on Telegram is the article.

A lot of information is similar to what the PSA from 9 to 5 mac has.

I’d rather make sure we cover this in other angles so this is why we’re posting this one.

I hope you all enjoy and thanks for listening and reading!

Comments (0)

Phone Arena says to get rid of these 38 apps, right now

We haven’t done these in awhile, but then again, I’ve not seen this in awhile.

Michael in Tennessee sent this Phone Arena article titled You need to delete yet another 38 Android apps before they load up your phone with malware which was published on April 28, 2023.

This article also leads to another removal of apps article, also on Android, so both of these should be read.

I don’t necessarily blame the kids here, because of course they’re looking for games they want to play. Actors are taking advantage of this by having titles of apps that are similar to the apps Kids and even us grownups want, if we play those types of games.

I don’t know what our numbers stand this year with Android, but add these two articles to the list. This is only going to get more interesting, as the year progresses.

Thinking I aught to get on Phone Arena even without sharing content, just to get at these things.

Thanks Michael for bringing this up, and to our attention!

Stay safe!

Comments (0)

What’s happening with the fedaverse? Plenty, according to this excellent tech dirt article

This tech dirt article crossed my desk, and yes, I’m still a day behind. I’m trying to catch up here, but it’ll take time.

Good thing that TSB is done, and I can concentrate on writing some blog posts like this one.

I’ve seen talk about Blue Sky, but I’m not too familiar with the rest of the options. I am on Mastodon with Tweesecake, and I have mona beta.

The tech dirt article is titled Six Months In: Thoughts On The Current Post-Twitter Diaspora Options and if you’re interested in these services besides Mastodon where a lot of us moved to after Twitter’s debacle, feel free to check this article out.

I hope that this finds interest in some reading, even if you don’t check out these services.

Comments (0)

Windows 10 finally settling down

Well, according to Ars Technica, Windows 10 will finally settle down with 10 H2. This will probably be good news for those of us who are on this operating system.

I’ve heard nothing but bad things about 11, but if I needed to use it, I probably could.

It’s the end of the line for yearly Windows 10 updates, says Microsoft is the article. It does say that we will have security updates till October 2025. That will suit me just fine.

Hope everyone is doing well.

Comments (0)

The Security box, podcast 142 preview: Highlights from the new U.S. Cybersecurity Strategy

Hello folks,

This coming Wednesday, May the 3rd, we’ll be talking about the new U.S. Cyber Security Strategy. Its only popped up once and it was sent to our list 3/2/23 but nothing since.

I don’t think we’ve blogged it, so I’ll include it here.

The article is titled Highlights from the New U.S. Cybersecurity Strategy and is a Krebs article.

He was posting to Mastodon notes about this before he put the article out, and it was interesting.

Besides this, we may be handing out morons, we’ll discuss the landscape, and we’ll see what else guests will have to say while on the show.

How to listen

You can listen through the independent channel Wednesday, May 3 at 1 pm CT, 11 am PT.

The link to the room is found right here. Feel free to

We hope to see you there!

Comments (0)

Here comes another mac stealer … Atomic Stealer

This 9 to 5 mac article talks about Atomic Stealer. Its called PSA: ‘Atomic macOS Stealer’ malware can compromise iCloud Keychain passwords, credit cards, crypto wallets and it is similar to Mac Stealer.

blog post

Not only is it similar to Mac Stealer but it can do much more to browsers like Safari, Firefox, Brave and Chrome.

Please look at the entire article if you’re a Mac user. You don’t want to be surprised by this one.

Comments (0)

You can’t search twitter without an account

Add this if you’re still on twitter. While my twitter is active, I may at some point tell DLVR to quit using it altogether. I won’t delete my account, but I do have alerts there I get.

This latest from 9 to 5 mac talks about the fact that you can’t search without an account.

Let’s see what people think.

Twitter restricts its search to registered users while Musk suggests Fleets are coming back is the article.

I still think that t this rate, and the fact they claim that fleets are coming back means the network is doomed at some point.

I guess we’ll see.

See everyone later.

Comments (0)

Clubhouse to lay off half its staff, needs to reboot

Spotted this on the Verge through Mastodon about Clubhouse. Clubhouse is laying off more than half of its workforce – The Verge is the title of the article.

In a time where Covid is over, even I don’t spend a lot of time on clubhouse.

I personally found some great content on clubhouse and even some great clubs. But I don’t find the rooms that I used to hand out in.

I’ll say this, if Clubhouse were to shut down, for any reason, it would be sad. However, I never made it my life.

To me, Clubhouse had a lot of people who wanted to get you in to Crypto Currency. Even recent followers that followed me either had blank profiles or mention they’re in to Crypto.

While I don’t mind people who are in Crypto, I’m not and don’t have a need for it.

Clubhouse has interesting rooms claiming how you can make millions. Whether its true or not, I don’t know.

Luckily, the people I need to communicate with can be called by phone, emailed, texted or the like. I don’t need clubhouse.

Clubhouse to me is like Facebook, Twitter, Linked in or even mastodon. It can all go away for whatever the company’s reason is, and it probably wouldn’t bother me.

Just look at our coverage on Twitter. I don’t know what will eventually with it, but we’ll also see what happens with Clubhouse.

Check out the article, it is informative and we should be informed on what’s going on.

Comments (0)

So … What’s going on with Siri?

I spotted this article from 9 to 5 Mac. It talks about how apple employees hate Siri

There seems to be a lot of termoil going on about this, the VR headsets and things in general.

The article is titled Even Apple employees hate Siri and are skeptical of its future, new report says so check it out if this is interesting to you.I spotted this article from 9 to 5 Mac. It talks about how apple employees hate Siri

There seems to be a lot of termoil going on about this, the VR headsets and things in general.

The article is titled Even Apple employees hate Siri and are skeptical of its future, new report says so check it out if this is interesting to you.

Comments (0)

Age verification is one of the best things that can be done

We’ve been talking about age verification for social media for a long time. I’d scan my ID and make it available upon request, just to comply.

The article comes to us from PC Magazine. The boosted post on Mastodon does have a point, Congress has not done anything about this problem, and with TikTok being such a problem as it reportedly has become, this would be a welcome change.

Here’s the boosted post.

AlmaTy: Boosting Amanda Carson (arush): Oh goody! We’re gonna collectively speedrun the age verification curve! Spoiler alert: working age verification that does what it’s intended to do is very difficult and we already spent 10+ years figuring this out but the idiots in Congress just have to engage in performative bullshit because voters demand performative bullshit. https://www.pcmag.com/news/senate-bill-would-require-social-media-age-verification-for-everyone

The link leads to the article Senate Bill Would Require Social Media Age Verification for Everyone and its worth at least a thought piece.

We’ve talked about this during some of our TSB programs but here’s an article for you all about it.

Comments (0)

Throwback Saturday Night for April 29, 2023

Hello everyone,

This program is going to be live all the way, even for our security hour.

After calling Terry, the producer, we’ve decided to do a full length hour.

The group will have music and the like during the first hour.

To listen, go over to the mix’s listen page and select server 2.

The server 2 time is 6 PT, 8 CT for the security hour on Saturday and the show itself starts at 7 CT, 5 PT.

Now, here are the notations for this live show and thanks for listening!

---

Welcome to Throwback Saturday Night’s security hour. This is going to be the live edition. If you want context, this blog post titled T-Mobile, are you serious? Writing letters to get people to sign up? was posted to the blog on Monday April 24th.

We’ll also cover the landscape and anything else the team wants to cover.

Hope you enjoy the show!

Comments (0)

Are you using AT&T E-mail? You should read this

I’m trying to catch up on Mastodon as well as working on TSB. While thinking about how I want to cover the main topic of TSB, I spotted this Tech Crunch article talking about hacks in to AT&T for the purposes of stealing crypto currency from Coinbase and one other exchange.

The article is titled Hackers are breaking into AT&T email accounts to steal cryptocurrency and the company said they exploited an API not any internal tools.

While each major company we’ve known in the telecom industry has been breached over time, nothing that I’ve read indicates that they could be lying here.

Apparently, this has been going on for at least a month, maybe more.

While this is the first article I’ve seen on this, I don’t want to say that its fixed cause that’s not what I can gather.

Whatever the API issue is, they need to get a handle on that first before saying they’ve resolved the underlying problem.

Hopefully we’ll learn more.

I love this reporting though! Thanks Brian for putting this on our radar.

BrianKrebs: Boosting Zack Whittaker (zackwhittaker): Incredible reporting by @lorenzofb:

Hackers said they had access to AT&T’s internal network, which allowed them to break into customers’ email accounts and steal their cryptocurrency.

Two victims confirmed they were hacked. One of them had $134,000 from his Coinbase account.

AT&T said it’s reset some customers’ passwords as a “precaution,” and “updated our security controls to prevent this activity.”

More: https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Image 1: an illuminated AT&T sign on the side of a building/storefront in a city, surrounded by bushes and shrubs

The linked article is above but the boost is here for preservation.

Comments (0)

Clubdeck version 2.5.4

I opened Clubdeck to deal with some things and it pingged to say it needed an update to 2.5.4.

Version 2.5.4

• Added RSVP to events tab
• Fixed start a room button starting a public house room by default
• Added a confirmation popup when deleting an event
• Fixed bug where you couldn’t join an open house

On Windows, when running it and it needs an update, it’ll tell you. Say yes to install when prompted.

Also, the events list ctrl+e now lists events in your houses and allows you to say yes or no for attending as now it sends invites when you create events. Its known in the links as RSVP to events instead. You can then start the event from there if I get things right. It is letting me start my July 6th event now if I wish. Interesting.

The create event button (ctrl+shft+e) doesn’t seem to do anything anymore. Just things to pass along.

Make it a great day!

Comments (0)

The Security Box, podcast 141: Dark Bit, a new threat that starts with a grudge

Hello folks,

Welcome to the Security box for this week. Today, we’re going to talk about a new Ransomware group tht is out there called Dark Bit.

It was put up on RSS Wednesday, but I meant to get the blog updated the same evening but failed miserably.

Did you not pick it up on RSS? No problem! Here is the 207mb file.

Now, without any further ado, here are the show notes which includes the links to the various things we’re talking about.

Thanks so much for listening and enjoy the show! Note, some strong language.

---

Welcome to the Security box, podcast 141. On this podcast, Cyberscoop is along to help us diagnose yet another ransomware group. They actually start by attacking Israeli schools, but will it stop there?

Besides that, we’ll have the news, notes from around the landscape, possibly some morons, and of course your thoughts.

Our topic today comes from this Cyberscoop article titled New cybercrime group calling itself DarkBit attacks Israeli university which we sent to the list in mind February.

While we’ve not seen anything else on this, it isn’t for us to keep our mind down as they could attack anything they want.

We hope to see you on the show, thanks so much for listening!

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Whether you contribute or not, please know that we put the show for educational purposes and the money is not the point, but writing in or contributing other ways is always welcome. Thanks for reading and make it a great day!

Comments (0)

This is beyond repair … another school district targeted … children with special needs targeted as well

Hello everyone. I’ve about had enough with these types of breaches. This is coming from NBC news. I’m not blaming this on them, because they’re a news organization, so thank you NBC News for bringing this to the public’s attention. This article was written today.

I’ve written about children’s issues when it comes to technology quite a number of times through this blog and podcast.

<

blockquote> State legislators will not wait to cover online privacy for children <a href=”TSB 67 How the braille challenge can lead to success and The Security Box, podcast 130: Congress and the government can’t fix Coppa?

Let’s not forget my favorite one that I wrote: Hey Criminals! Keep your hands off our kids and their data! way back in 2020. I had enough then and now I’ve really had enough!

These are several blog posts and podcasts that I’ve published and we’ve talked about.

One particular blog post deals with children’s apps and advertisers.

blog post

But now, actors find it very funny that they want to go ahead and get as much information on children who can’t even do anything about the problem.

The real question comes to this. Why are the schools collecting information including social security numbers? Does it help you do your job? I understand child’s name, parent’s name, address and contact info … but that should be it!

The files reviewed by NBC News include everything from relatively benign data like contact information to far more sensitive information including descriptions of students’ behavioral problems and teachers’ Social Security numbers.

I get the fact that for payment purposes, you night need the teacher’s SSN,, but it wouldn’t surprise me if student data of this sort is in here and we don’t know it.

…

It’s a stark reminder that schools often hold reams of sensitive information, and that such leaks often leave parents and administrators with little recourse once their information is released.

Why is this the case! I don’t ever remember this being this much of a problem when I went to school in the 80s and 90s.. I honestly feel sorry about this because I would’ve probably said something back then.

At least 122 public school districts in the U.S. have been hit with ransomware since 2021, Callow said, with more than half — 76 — resulting in the hackers leaking sensitive school and student data.

Its not the school’s fault that you decided to target them. But, it is their fault if you got in through a vulnerability although if you sent a Phishing lure and the person bit, than they need to learn what they did so it didn’t hapen again to the school. What an expensive proposition!

The identity protection is a start, but as stated, it absolutely doesn’t do anything besides help you fix it after the fact.

The article is titled Students’ psychological reports, abuse allegations leaked by ransomware hackers and I want this shared as widely as possible. This happened in Minnesota and affects tons of children who have no idea how to fix it, understand the repercussions of what the hell just happened, or what it will do with their life later if that is the case.

This is beyond repair and Congress and other legislative bodies have not done anything to curve the overall problem of companies including schools that collect way too much data that has nothing to do with teaching, paying for goods and services, sigining up for web hosting or anything else.

For example: a child signs up as an adult for phone service. Fine, run the background check by running the SSN. Once that process is done, ask management if it is necessary for that sensitive information to be kept.

We’ve covered way too many articles and I have even questioned my own business man why I need to collect something like a bank address and SSN. I don’t do that anymore! It isn’t even necessary!

This has really got a nerve with me and I don’t know how to solve it, but it needs to be looked in to. This … is beyond repair.

If anyone knows how we can solve this, let’s see how we can get in contact with the right people and let’s start a conversation.

Here is the boost from Brian Krebs.

BrianKrebs: Boosting Doug Levin (douglevin): NBC: Students’ psychological reports, abuse allegations leaked by ransomware hackers https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414 #edtech #databreach @brett via @kevincollier

The linked article is above.

Rant over.

Comments (0)

Voice Dream going subscription, current users not affected, prices being worked out

I’ve been seeing boosts from Apple Vis about this notice titled Voice Dream Reader for iOS is now 59.99$/year which needs to be sent around.

The initial person who posted this said the price was $59.99 a year.

In the discussion, the voice dream team indicate that they appreciate the feedback and even will perpose a monthly subscription model. They have made it clear that existing users will not need to go to the subscription model.

I understand both sides and have been monitoring the chatter I’ve seen coming across my desk here at the JRN. While I don’t offer a subscription for this blog, I do offer donation amounts on my donations page. When working with someone with it, I decided on $1, $5, $10 $20, $50 and $100 amounts to be directly paid to me one time. Paypal is also an option for recurring donations of any amount, and while it has been tested, only one user has used it.

I understand that money is tight, and for developing a program like Voice Dream, there are costs that go in to making sure the app is running including licensing fees that must be paid to the people who have the voices. They are not free to just put on your device because the programmer puts them there.

I am under the impression that they have to pay fees for each download, and if they come across this and I’m wrong, they can correct the record. I don’t believe that I know everything and that’s fine.

Most of the community expect paid products to be affordable and I understand that. Just take my dental bill for example to replace fillings from many years ago. $575 is a lot of money, and one was one price and one was another; based on type of filling. I’m not going to disclose the amounts, but I only disclosed the total.

$60 a year is not necessarily bad, although Password Manager Lastpass is $36 a year, which is $2 a month. So yes, I see why someone mentioned why it was a little high.

Hopefully we’ll learn more about the subscription model and it works out. We don’t want to see the app gone. That’s how I connect to Bookshare, as I have heard their app is aweful.

Hope everyone is doing well.

Comments (0)

Use edge? Better peruse this one

Apparently as I continue to play catchup, we have something that came across our desk that should be given to people as something to be aware of.

Apparently, Edge has a new feature which is on by default. While it is harmless at first glance, it goes to a link called bing api’s. I’m writing it this way so people know what it is.

Sites like porn hub are blocked, and allows you to track your favorite followers around the web, according to microsoft.

They claim this was in testing last year, and then rolled out to more users this year.

Turning off this creator option which nobody probably knows exist will solve this potential leak.

To read more, read The Verge and their coverage titled Microsoft Edge is leaking the sites you visit to Bing – The Verge.

I personally don’t use edge, although it is available to me. Its a personal preference of mine, but I’ll go make sure that I turn this option off. I don’t even know if my edge is up to date or not anyway.

Have a great day, stay safe.

Comments (0)

Older Posts »

go to sections menu

---