
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


You are here: June 2023




Twitter no longer allowing viewers to view tweets if not logged in

I just saw the following on Mastodon. Mind you, this is a boosted post, not a toot.

It says:

Celeste, AKA DJ Celrock!: Boosting Today in Twitter (TodayInTwitter): WHAT A CLOWN SHOW!

You can now no longer look at tweets signed out. Seriously. This is the stupidest thing he’s ever done. Worse than killing third-party clients IMO. This will KILL Twitter’s traffic and hinder its ad sales greatly.
Image 1: Breaking: Twitter now blocks all access from signed out users

My first thought is similar to what the original is. While I’ve not advertised on Twitter, there are probably tons of people who aren’t logged in to the platform either because they don’t have an account, they deleted it, or maybe they logged out because they have no plans of using it.

Whatever the reason, this is a person’s right. I wonder how that’s going to work in news articles now? I’ve read articles on KNX that interested me, and saw tweets. I’m not signed in to any of my twitter accounts via IOS except using the app. But the web embeds the tweets as part of the article. So how does that work?

If this is indeed true, this might be the nail in Twitter’s coffin, and may cause its final demise.

Let me know what your experience is. I’m not saying anything that I’m not sure of here, and I have no accompanying article. If this changes and I see an article, I’ll be sure to post it if I feel it’s of value.

We’ll be in touch!

Comments (1)

Reddit is saying that staying in private mode is enough and to open up their subreddits or else …

In an article I’m reading from the Verge sent through Mastodon, Reddit is saying that this is enough.

While no timetable is set, they may be forcing those continuing to protest to open as soon as today. I believe the article was written yesterday.

For those who want to read the article to see what drama is going on at Reddit, Reddit is telling protesting mods their communities ‘will not’ stay private is its title and we’ll see what’s going to happen.

Comments (0)

The Security Box, podcast 150: Ransomware Gangs giving us ransomware with a helping of zero-days

Hello folks, welcome to the Security Box, podcast 150. Note that next week, we’ll be taping on Thursday, July 6th instead of Wednesday, July 5th to allow for folks to return from the July 4th holiday since it’s Tuesday.

If you don’t have RSS, we’ll provide the 180.5mb download right here.

Please note! Stitcher, who provides podcast services will be closing their doors on August 29th, 2023. Here’s the RSS feed that you can copy to your podcast player to continue to pick up all podcasts from the tech podcast and Security Box directly.

An announcement will be playing from now through August 29th reminding listeners as instructed by Stitcher.

Now, here are the show notes for podcast 150. Thanks so much for listening and make it a great day!


Hello folks, welcome to the Security Box, podcast 150. We’ve made it! On this podcast, we’re going to talk about Ransomware gangs and the fact they’re now using zero days. We may or may not have a moron, we’ll cover the news and we’ll see what else people have to say as the program progresses. Some Strong Language.

Stitcher closing

Stitcher is closing. If you are affected by the change, please contact me at jaredrimer at 986themix.com and let me know about it. Let me know what podcast you’re coming from so I can get you a new link. They’ve let us know that they’re shutting down as of August 29th, 2023. Thanks for your support of our podcast!

Our topic, Ransomware gangs and zero days

This week’s article comes to us from Cyberscoop. It’s titled Ransomware gangs increasingly deploy zero-days to maximize attacks and was tagged as a topic. For the 150th episode, this couldn’t be more appropriate.

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

Comments (0)

Clop is at it again, more victims from the Move it breach

Move it (one word) is an application that does File Transfers. It is also a Transportation app for the iPhone. But this move it app dealing with file transfers is what the article and the Clop gang have been targeting.

This article by Dan Goodin has the latest on Clop’s ordeals as of the 27th. Casualties keep growing in this month’s mass exploitation of MOVEit 0-day comes to us from Ars Technica.

Comments (0)

Twitter now giving us 25,000 characters if we pay?

OK, so this is just getting more interesting at Twitter. Today, I’ve read an article that indicates that Twitter is now giving blue subscribers a 25,000 character limit.

I don’t know what to say about it. Social Media, In my opinion, should not be the platform to write long form articles. It should have a decent amount of characters to make announcements about shows, what you’re up to, or anything else like that; but not to write long form work.

I like the fact that Mastodon can in fact increase the limit from 500 to something longer if the maintainer wishes to. On the instance I’m on for example, we have a 2,000 character limit.

While making an announcement about one of my shows, I saw the character count was in the 700 range, but I have seen longer by the likes of Brian Krebs and other journalists.

The JRN knows by reading that Brian has no reason to go back to Twitter and he’s happy at Mastodon.

A new social media Blue Sky has their character limit at 300. I’m not going to say what character limit is good, but I’m happy at 2,000.

This article is titled Twitter now allows subscribers to post 25,000-character-long tweets and feel free to sound off on this one.

Here we go!

Comments (0)

Windows 365 coming to a machine near you

If you’re running Windows 11, at some point in the not named future, you may be booting in to the cloud. No date was given for this, but this interesting article titled Microsoft wants to move Windows fully to the cloud – The Verge talks about a 2022 presentation where Microsoft talks about this and business customers may be seeing this already.

Here’s the thing. Since they have worked with the assistive technology companies in the past, where do they stand when it comes to this? If they’re out, is Narrator or other accessibility tools that Microsoft has up to the challenge of keeping us up to date with how things work?

I’m not sure exactly what to think, and accessibility isn’t discussed in this article.

May the chatter begin.

Comments (1)

Question: Should you turn your iPhone off to protect yourself from attack?

According to this article I’ll be linking to, some advice that came from Australia’s Prime Minister indicates that you should turn off your phone for at least 5 minutes to prevent attacks like Spear Phishing, clickjacking and other attacks.

While you and I could get email saying that we owe money where we don’t, or a package is delayed where it isn’t, we normally don’t get something that will run on our device without prompting.

While turning off your iPhone is an interesting idea, it may solve some underlying issue you may have because it’ll flush out the memory and clear anything stuck. But I personally have gone weeks with this phone without restarting it. In fact, running updates like the latest 16.5.1 must be done at a time I’m not expecting any visitors or potential calls.

With that said, if you feel you need to turn off your device every day, go for it. But it isn’t going to solve the types of attacks mentioned within the article the minister is saying it’ll stop.

Please read this full article which covers iOS features that might be of value to protect yourself. It’s titled Why tips like ‘turn off your iPhone for five minutes’ don’t actually help users and make it a great day! Sound off BTW and let us know your thoughts.

Thanks for reading!

Comments (1)

American Airlines, Southwest have data breaches

American Airlines, Southwest Airlines disclose data breaches affecting pilots comes from Bleeping Computer through Diva On Breaches on Mastodon.

They link to other breaches that are talked about within this article as well.
Guess we’ll see what kinds of things happen after news of this really gets out.

Make it a great day!

Comments (0)

T-Mobile getting rid of credit card, apple pay payments for auto pay customers … good or bad?

Hello folks,

I think I’m going to file this under the “I can’t believe I’m reading this shit” department.

I’d personally like to thank Herbie for boosting this 9 to 5 Mac post, as it really was informative.

It was informative because it shows that T-Mobile really “wants to protect their users” by only accepting bank transfers or debit card auto pay options.

The article must be read if you’re a T-Mobile customer. It’s titled T-Mobile ditches AutoPay discount for Apple Pay despite history of security woes and is one of the worst decisions they could possibly make.

How did they come up with the fact that they pay higher fees taking credit cards VS debit cards? I don’t pay any higher fees with one VS the other. It doesn’t make any sense. Even if their claim is correct, that’s part of doing business! If you don’t want to pay the higher fees, you pass it along to the customer. I’ve seen it done and it technically can be factored in to the price of what you offer.

Have fun with this one!

Comments (1)

Today on the Security hour: Book talk and more

I guess I never published a post talking about what’s going on with the Security Hour.

This week, starting at 8 CT, 6 PT on server 2 of the mix, the main topic will be about one particular book. Besides the book, we’ll cover what else has come around the landscape.

Here’s a link to the listen page for the mix, where server 2 is listed.

Here are the notes for today’s hour. Note that the Throwback Saturday Night show starts at 7 CT, 5 PT with music and general chatter.


On this edition of the program, we’re going to hear my review for a now defunct podcast I simply called the books. The books was a podcast that was to allow people to talk about what books they were reading and their thoughts. This time, Hacked Again is the book. It was a great book and I may have to record some others for this now defunct podcast.

This book is not on BARD, but is available on services like Amazon where we link to, Apple Books and possibly on Bookshare if you have an account.

I recorded this while I was out, so the quality may not be what you’d like, but it should be audible.

Thanks for listening and enjoy!

Comments (0)

Twitter’s API can now be considered dead

I’ve seen something of interest as boosted, so after so many, I checked the date and time of the original. It was posted yesterday, so it is quite relevant. Here is that toot that was posted to Mastodon.

Today in Twitter: Twitter has suspended every single API key not belonging to a Twitter Blue subscriber.

Every. Single. Key. 9to5Mac’s? Dead. Apple’s for iMessage previews? Dead.

Every single API key has been revoked. The Twitter API is officially dead.

Have fun now, Twitter.

As a side note, developing things are happening in the war in Ukraine, and Twitter can’t get much of it and I’ve seen Boosts about some activity. I just read what is posted, not the articles if anything. So I guess this means that Twitter is pretty much gone.

Comments (0)

Lastpass and passkeys

Lastpass and passkeys came up in my feeds lately and I know they’re not the only ones doing pass keys.

The article is Support for Passkeys Coming Later This Year which goes on to talk about how it’ll work.

I figured that people should know what’s going on in this space and this is going to get very, very interesting as we move forward.

Stay well.

Comments (0)

NSA warns of ‘false sense of security’ against BlackLotus malware

Better pay attention to this if you need to. Just pressing this, there’s not much for me to say.

The National Security Agency said Thursday that organizations should think twice about whether they’re protected against the BlackLotus “bootkit” malware that cybersecurity experts first warned about in March.

Source: NSA warns of ‘false sense of security’ against BlackLotus malware

Comments (0)

New Condi malware goes after TP Link Routers, builds botnet

This is not Conti (c o n t i) this is a new malware group called Condi (C o n d i) who is behind this attack.

I spotted the Bleeping Computer article titled New Condi malware builds DDoS botnet out of TP-Link AX21 routers and I read it today.

Talk about Bricking routers, this one doesn’t quite do that, but it might as well come close. This one prevents it from getting rebooted or shut down. That can be bad with non-persistent threats, because this one prevents you from doing anything about it.

TP Link does address this, and Bleeping Computer has the details on this one.

If you use TP Link, please be advised on what is out there. Thanks for reading!

Comments (0)

Accessibility is recognized as a cybersecurity priority, yet when is the problem going to be fixed?

I know I’m a day behind because I was gone yesterday, so don’t mind me trying to catch up.

I wrote in 2020 a blog post asking if Antivirus was dead.

here is that blog post.

It talks about the major companies and the fact we can’t use them. I would like to thank Malwarebytes for being accessible, but we definitely need more.

Some time within the last month, I got a call from Trend Micro. I was once a customer of theirs, and I raised the concerns I had. They mentioned that I was a lead of theirs, yet I’ve attended webinars by them.

With that said, we had a great discussion and he was a lead developer.

Way back in 2017, I also wrote concerns about Antivirus and the disabled computer user.

blog post here

In it, I was asking for software that could be used and I was linked to Sophos Home which I never did install. I’m not against paid software, but I didn’t seem to use it even though I downloaded it.

I also was recommended Malware Bytes by several people. But this goes past software for AntiVirus. Software is declining in accessibility, not just for blind and visually impaired but for all disabilities.

Speaking of defender, we know that it recently went rogue but software does come with bugs that need to be fixed.

With that said, I saw an article that could be a nice start talking about cybersecurity being a priority. Are we sure about this?

I’m glad the U.K. is leading the way with what this article is saying, but I’ve been sounding the alarm for years. I wonder what exactly changed to get a country to put a leg up and say that this is not acceptable?

The article is titled Accessibility is Officially Recognized as a Cybersecurity Priority and I urge everyone to give this a ready read.

Let me know what you think and let me know how we should proceed. I’m curious on how we can get a leg up too. If people who are in this industry can’t use their software because they become disabled, is that what it is going to take for this community to wake up and fix it?

Please sound off on TSB’s list or even in the comments on the blog.

Your thoughts are welcome!

Comments (0)

UPS, Canada and Smishing … a bad combination

UPS

UPS in Canada is sending out letters to its customers who may have been affected by Smishing attacks after a sub set of information was exposed.

UPS is aware that this started in February 2022 through April of this year.

Diva on Breaches on Mastodon is making us aware of this and the article is titled UPS discloses data breach after exposed customer info used in SMS phishing for your perusal.

If you are a customer in Canada who use the UPS shipping service, please read this article to learn about the email you might end up receiving.

Thanks for reading, make it a great day!

Comments (0)

The Security box, podcast 149: Emotet is back, bigger and better than ever

Hello folks, and welcome to the Security Box Podcast. This is probably the first time in quite awhile that we have gotten the podcast out, EMHS up, and a blog post ready to go.

I decided well after I put the cast together that we wouldn’t do the review of Hacked Again which I mentioned we’d play at the end. I kind of forgot, then realized it as I tagged it. Maybe we’ll play that next week, although we have played it, I believe, before.

For those who don’t like RSS, here is the 112.5mb file for you to have.

Below, please find the show notes for today’s program and thanks so much for participating!

We hope to see you next time.


Welcome to the Security box, podcast 149. On this podcast, we may or may not have a moron, we’ll definitely have news, notes and the landscape and a topic talking about a threat we thought was long gone.

Good Job India, welcome to the moron of the podcast

I stumbled across a video from a YouTube channel which I am not familiar with. While Nick was in my JRN working room, I decided to see if there was an article about this. While the podcast gets a 9 minute video, check out this article titled India first democracy to ban encrypted messaging apps on massive scale from a site called tutanota.com. They must be a news related site, name sounds familiar to me. Have fun with this one!

Here’s the YouTube video from Mental Outlaw if you want to watch this instead of listening to it.

Topic: Emotet is back, now a threat

The article comes to us this time from Phishlabs. Emotet Returns from Hiatus, Trails QBot in Q1 Volume is the title.

Are you surprised that this is the case? We know that Emotet was taken down in a crackdown, but like most things, they come back in this industry. Feel free to view the article for complete details or download your copy of the show to hear our thoughts.

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

Comments (0)

Book Selection: Fancybear Goes Phishing

Hello folks,

After some time away from reading, I’ve made my mind up on what I’m going to be reading next.

The book was found through a podcast called Cybercrime Radio and it sounds like a great read based on what I’ve heard.

Below, please find the information about the book, so you’re informed on what it’s about.

You’ll also get a link to the book through Amazon if you wish to purchase it or listen to it through Audible.

Fancybear Goes Phishing

The full title of the book is: Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks and the author is Scott J. Shapiro.

About the book

“Unsettling, absolutely riveting, and—for better or worse—necessary reading.” —Brian Christian, author of Algorithms to Live By and The Alignment Problem

An entertaining account of the philosophy and technology of hacking—and why we all need to understand it.

It’s a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society. And because hacking is a human-interest story, he tells the fascinating tales of perpetrators, including Robert Morris Jr., the graduate student who accidentally crashed the internet in the 1980s, and the Bulgarian “Dark Avenger,” who invented the first mutating computer-virus engine. We also meet a sixteen-year-old from South Boston who took control of Paris Hilton’s cell phone, the Russian intelligence officers who sought to take control of a US election, and others.

In telling their stories, Shapiro exposes the hackers’ tool kits and gives fresh answers to vital questions: Why is the internet so vulnerable? What can we do in response? Combining the philosophical adventure of Gödel, Escher, Bach with dramatic true-crime narrative, the result is a lively and original account of the future of hacking, espionage, and war, and of how to live in an era of cybercrime.

Includes black-and-white images

Here is a link to the Kindle edition of the book and of course, you can choose from hardcover, the kindle, or audible.

Happy reading!

Comments (0)

Tweesecake has been releasing lately, up to 0.16.2

The 0.16 series started getting released this week. Because of recent releases within the last two days after initial release, it’s time we catch people up on what the program is up to.

Note that in general options, there are settings for twitter dealing with API keys and secret under a setting called advanced. If you can get it to work for you, great, but I don’t believe it is supported officially.

0.16.0

  • Core: Always return to previously focused buffer on dismiss.
  • Core: Make context-aware volume control check if something is playing. This fixes the issue with voice message volume changing even if the voice message has finished.
  • Core: Bump up auto announcements of longer items by 20 MS.
  • Core: Updated Leasey keymap to latest version.
  • Homeassistant: In the logbook, convert event states with date times into proper TC parsed date time display.
  • Mastodon: Removes unofficial quoting support. You can still view them in the same ways you have been able to.
  • Mastodon: Hopefully fix the bug that inserted your own name into replies.
  • Mastodon: Adds ability to autocomplete usernames.
  • Mastodon: You can now hear when there is audio and play it from the notifications buffer.
  • Mastodon: Remove the need for the content warning check box. It was unnecessary. Now, if you leave the box blank, there is no warning, otherwise there is.
  • Mastodon: Significant improvements to how content is loaded in, specifically content quantity when fetching previous and initial loads. This should fix Ashley’s problem where she would get 800+ items back in the home timeline, while also allowing fetch previous to load more items at a time.
  • Mastodon: There is now an option to set how many API calls loading posts uses.
  • Mastodon: Loading previous posts now happens without causing the program to lock up.
  • Mastodon: Interact with a follow request notification to accept or reject it.
  • Mastodon: Add ability to edit posts.
  • Radio: Added ability to view the last 50 songs played.
  • Telegram: Fix downloading photos.
  • Twitter: Added ability to set custom app keys in the global config session. Note that from this point, this session is not supported and you can use it at your own risk.

0.16.1

  • Mastodon: Made speak reference respect the post template.
  • Mastodon: Fix loading notifications.
  • Mastodon: Make autocomplete ignore pre-filled users when replying.
  • Mastodon: Fix edit post in the GUI.

In the text, there were two compose options for Windows and this was what got fixed.

0.16.2

  • Mastodon: Fix unnecessary calls to the API when fetching notifications.

This completes all the updates. If you’ve not updated since the 0.15x series, please do so. Thanks for reading and make it a great day!

Comments (0)

Be Careful with VMware, a June bug is out there

The article title here is VMware warns of critical vRealize flaw exploited in attacks which VMware has since patched.

This isn’t the first time that a patched bug is now out in the wild as being exploitable. This means that those who don’t apply the patch could get in some trouble unless they do patch.

Spotted this through Mastodon and just trying to pass this along for those who may not be aware.

Make it a great day!

Comments (0)
