The Technology blog and podcast
This is for the technology blog and podcast Commentary, articles, and podcasts
Should we get rid of chrome or chromium browsers? One article doesn’t convince me … toots say yes
On July 26th, I blogged about Google’s great idea where they would basically change the way Chrome works. In the accompanying article, it was reported that the ideas were pretty bad.
It seems as though this community is at least looking. Maybe our work is finally paying off. Here’s one toot posted to Mastodon.
It says:
Kay: Boosting Monique (crazydutchy): Speaking of Chrome, I have rarely ever used it, only if some website on Firefox was not working correctly. Although I agree, we should put pressure on Google if we can, because what they are proposing is pretty bad, likely worse than what twitter ever did. But also please remember, not everyone may have a choice, and although I am in favour of making people aware of the situation, telling others what they can or cannot, must or must not do, generally tends to have the opposite result.
Here’s another toot. It says:
Kay: Boosting HIIT it hard af (af): Stop using Chrome as your daily driver.
Google proposed adding DRM to Chrome, which will be used to stop ad blockers, privacy tools, password plugins, accessibility/reader modes.
The only way to stop Google’s Chrome from wrecking the internet like Internet Explorer did for many years is to switch to a NOT chromium-based browser as soon as possible for your day to day. You’ve got Safari, and Firefox as your choices.
I know you’ll have to use Chrome sometimes because it’s already happening.
In the linked article that I link to from my blog post, I don’t remember it ever saying that it was going to disable reader mode or accessibility tools.
With this said, I don’t want to say what these posts are saying is true or false, because we really don’t know what Google will do except for what at least one article indicates.
What I will say is that people should use the browser that works best for their needs. If you’re telling users not to use Chrome, then all Chrome browsers including Edge should not be used. I don’t want to go that far, based on only one article that came across my desk.
What I’ll ask is this: if someone has an updated article that indicates that Google will break accessibility access to our screen readers and reading tools like the reader mode for articles, I would love to see these so I can see what they say. I don’t see everything, so when I saw these two toots, I started to wonder.
Please use the contact page to send links or sign up and send links as comments to articles. There’s no bashing here, just seeking information so maybe I can be better educated and the people that help me with the podcast can learn too.
As I’ve said, knowledge is power. Let’s share what we know. I believe these toots are doing that, but I am not aware of it. And, I’ve used Chrome when needed. So, let’s share those articles so we can all make the best decision possible!
A very interesting podcast
There was a very interesting podcast within the last several days that talks about what two companies who collaborate are doing. It’s not as easy as just checking a box with cybersecurity training.
These classes are held once or maybe twice a year. But two companies have joined up in Virginia and are working to change the way Cybersecurity training is done.
This podcast is part of the talking risk series at Cyber Crime Radio.
This is why I always encourage stories of things that have gone wrong so we can possibly learn from them. If we don’t know what’s out there, how can we make sure we are trying our best to learn so we don’t make the same mistake?
I was looking to link to a copy of the file, but maybe people are passing through that might be looking for something else.
If this interests you, go seek this program out, as telling stories, making sure we know what’s out there, and learning what to spot and defend against will be our key.
As the podcast says, humans are the weakest link, we are going to make mistakes, and they even tell stories and ask why they clicked on said link and gave examples of things similar to what we do on TSB.
If you find it, let us know what you think of this program.
Data breach at ESA program in Arizona, response is: “It’s no big deal”
Even one person is one too many. Letters went back and forth about a breach at a program that helps fund private education. It seems as though disabled children may be affected, but according to the article only one person was affected and nobody knows anything about it.
DevaOnBreaches: Boosting Dissent Doe :cupofcoffee: (PogoWasRight): From the nothing-to-see-here-move-along dept:
“A data breach exposed the personal information of thousands of Arizona students enrolled in the state’s school voucher program, according to Gov. Katie Hobbs, but the state’s top education official says it’s not a problem.”
Hobbs has questions about data breach that exposed ESA student info
@douglevin @brett @funnymonkey @mkeierleber
#databreach #EduSec #EdTech #infosec #transparency #politics
Hobbs has questions about data breach that exposed ESA student info is the article which raises the questions.
What is really going on in this state?
The Transition to X is under way
Hello folks,
I still post to Twitter via this blog and others that I’m going to read anyway. But unlike past days, I’ve seen something completely different.
Below, I’m going to use our Metro Los Angeles Alerts channel with what I now hear with VoiceOver. Note that I won’t list anything that they publish, but will give an example of what it sounds like.
X Metro La Rider Alerts: The alert of what they will write goes here.
If it was minutes ago, it would say:
X 14 minutes ago: Metro LA Rider alerts: The alert which I may have missed would be repeated for me through this message.
This is all I have. Just an interesting musing on a Monday morning.
Over 400,000 corporate credentials are out there
Here are two critical paragraphs out of this particular article that Diva on Breaches posted to Mastodon.
The first says:
Information stealers are malware that steals data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, FTP clients, and gaming services. The stolen information is packaged into archives called ‘logs,’ which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.
The second paragraph is probably the most important. It says:
The most prominent information-stealing families are Redline, Raccoon, Titan, Aurora, and Vidar, offered to cyber criminals on a subscription-based model, allowing them to conduct malware campaigns that steal data from infected devices.
Here is the blog post from when we covered Red Line Stealer.
If this is any indication, stealers like Red Line are not going anywhere. And, the fact that there are others out there makes this type of thing a bigger problem than first talked about.
This article is titled Over 400,000 corporate credentials stolen by info-stealing malware and I urge this community to check it out. Don’t get targeted with this one.
60k Android devices possibly carrying stalkerware
We’ve published a few articles on stalkerware. This time, Malwarebytes has something about the topic. 60,000 Android devices, going back to 2016, may have such a program on them. The app mentioned in this article by the company is called Spyhide (Spy Hide), which gives out location data in real time, call logs, contacts and other information.
More details: 60,000 Androids have stalkerware-type app Spyhide installed.
“Worm GPT” and “Fraud GPT,” it’s time to be more vigilant
In today’s newsletter, Kim drops some new terms. Worm GPT and Fraud GPT.
While Chat GPT and other services like Bard (Google’s chatbot) and Bing (Microsoft and skype) have protections in place by their creators, there is a version of these that is not filtered by these restraints.
In today’s newsletter, Kim links to the iphone link and the android link from her newsletter.
Here are more items from this list that we’re passing along.
- AI social media scams use sponsored ads and posts to get you to download malware.
- AI phishing scams are usually emails with a shady sense of urgency, pretending to be a legitimate company or bank. They’ll ask for money or your personal info ASAP and include malicious links.
- AI voice-cloning scams fool you into thinking a loved one is hurt, in jail or in an emergency situation that requires money.
- AI investment scammers pose as cryptocurrency gurus and promise huge returns on fake investments.
She also links to research that has been done through a site called tech.co. This article is titled WormGPT Is ChatGPT for Scammers, and It’s Seriously Dangerous. It was last updated on July 18th, but it is packed with information that might be of value to this community.
Be safe out there. Thanks for reading! BTW this tech.co article will be linked on EMHS’s article list when we update the site next.
This week on the security hour, Kuwait’s Stupid Law
Hello folks,
Welcome to another post about the Security Hour on Saturday on server 2 of The Mix.
This time, we talk about one of the stupidest laws we’ve probably ever heard of.
We also will see what else comes across in the landscape.
The notes for the hour follow, noting that the hour starts at 8 CT while the show itself starts at 7.
Hello everyone. Kuwait’s stupid law. This is the blog post that leads to this article titled Trial and error in Kuwait and my thoughts. We’ll see what the team has to say about this one. News, notes and more as well.
U.K. ambulance company hauled offline, could be dangerous
Cyber Crime Radio reports that South England’s Ambulance company suffered a ransomware attack which could affect information gathering such as medication, allergies and other things that could assist during an emergency.
Scott also mentioned within the audio podcast what areas the issue affects.
We later found this databreaches article titled UK: Ambulance patient records system hauled offline for cyber-attack probe which could go right in to this post.
I actually spotted this on my way in to Los Angeles, and was sent this while I was in Los Angeles.
No patients were affected, except that delays could occur where the information I mentioned needed to be gotten in other ways.
We are not aware whether the company paid any ransom.
If you’re using Move It file transfer, maybe it’s time to talk about switching
Hello folks,
I don’t know about you, but maybe it’s time to think about switching away from this file transfer program “Moveit.” Not to be confused with Moveit transportation, this file transfer program has now hit a company called Maximus.
McLean, Va.-based Maximus (NYSE:MMS) is the first government contractor to publicly disclose that its computer systems suffered a breach from the MOVEit ransomware hack. MOVEit is a file transfer application that Maximus used internally and with government customers. In a Securities and Exchange Commission filing posted Jul. 26, Maximus said that between 8 million and 11 million individuals could have had their personal information exposed including health information
You can find more at Cyber Security Ventures on their today page where they post stuff.
This is a developing story, and could be updated in the future.
Twitter X, “Dark mode is much better”
The Verge is reporting that Twitter (X) will now come in dark mode starting soon if it hasn’t done so already.
As it rebrands in to X, people slammed the company saying that their phones only go in to dark mode in certain times, and so he’s backed off just a little bit.
Since Twitter has gotten rid of the accessibility team, I’ll assume that X will eventually lose its accessibility clout and will become harder for those using some sort of accessibility service, whether it’s VoiceOver, tools for making the text larger, or possibly even other tech that people with other disabilities need to use their devices.
I wonder how much X is going to have on people’s lives once this transition is complete.
The Verge’s article is titled Elon Musk capitulates: Twitter will default to dark mode but still offer a light option, as it was updated since first post.
Let’s go!
Translation of a companywide memo
This has to be great. We can take this as a laugh. Translation From Hostage Code to English of X Corp CEO Linda Yaccarino’s Company-Wide Memo can probably be a chuckle.
Have a great night with this one. I’ll catch up with more stuff later on.
Rite Aid customers swept up in data breach
The Hill is reporting that Rite Aid customers are now swept up in a data breach that apparently occurred in March. The info included name, date of birth, address, prescription info and limited insurance info. That insurance info included limited card details, which included its ID number and the plan.
According to the article, no billing information was taken.
Rite Aid customers’ personal information accessed in data breach is the article.
As far as I’m concerned, Rite Aid did not contact me about the breach, and there is no known number of customers mentioned in the article.
Yamaha is listed twice, breached
Yamaha musical instruments Canada has suffered breaches at the hands of two potential groups, none of whom the JRN has heard of.
One of the groups is known as BlackByte while the other is called Akira ransomware group.
BlackByte was apparently last month while Akira was apparently last week.
Cybercrime magazine covered this in their update podcasts.
Graham Cluley covers this for Bitdefender. Following claims by two ransomware groups, Yamaha confirms the cyberattack is the article.
Apparently the motorcycle component of the company has broken off from the instrument division.
More in the short read linked above!
The Security box, podcast 154: 13 DDoS-for-hire services closed
Hello folks,
We’d like to thank Terry for showing up today in Clubhouse. Don’t worry, we did go through the topic, allowed space for comments from listeners of the stream but there were none. We do allow you to contact the podcast at any time, so please do so.
We have contact info through the blog, as well as my main web site for you to use.
The RSS feed is going to be updated soon with the file, but for those who don’t have RSS, the 138.4mb download file is here.
It’ll also be made available through TSB’s page on email host security.
Now, without any further ado, let’s get you the show notes.
Thanks for listening, and do make it a great day!
Hello folks, welcome to program 154. On this edition of the program, come with us for some news and notes, a recollection of someone who can change after making mistakes, and a topic talking about DDoS for hire services that have been shut down within recent times which could be a good thing.
A Note on a passing of a recent Security Expert
Kevin Mitnick recently passed away on July 16, 2023. He did have an interesting career, a criminal in his early years to a security consultant after the fact.
Brian Krebs sent the news through on Mastodon, and we blogged about it on the same day … July 20, 2023.
Below, please find the books Kevin wrote. Note that the blog post does mention these and what is available also on BARD. I attended one of his webinars that KnowBe4 put on and it was excellent!
The books
- Kevin Mitnick, Steve Wozniak and William L. Simon
  - Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
  - The Art of Deception: Controlling the Human Element of Security
  - The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers 1st Edition
- Kevin Mitnick and Mikko Hyppönen
DDoS-for-hire services shut down
We blogged about this on the blog, and now it’s time for it to be talked about. This is a Krebs on Security article titled Feds Take Down 13 More DDoS-for-Hire Services which I found was quite good. Let’s see what you think and our contact info will be given throughout the program.
Supporting the podcast
If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.
Google having a great idea, but questions are abound
I don’t know much about this proposal on whether it is bad, but trusted environments will be a good thing to weed out the bad on the internet.
In an article boosted by Brian Krebs, it states that there is some controversy on this new proposal that Google is probably wanting to push out without any oversight.
While we wait to see, the article is titled Google engineers want to make ad-blocking (near) impossible which was an interesting read.
Google’s motto is not to have ads blocked because they make their money that way.
Sites like mine don’t make money because I refuse to put stuff on my pages I’ve tested myself, or if it is like a facebook button or the like as part of the blog.
As told once before, stuff can be modified and can turn an entire site malicious, even if you don’t do it yourself.
I guess we’ll see what happens with this one, and I hope that we will learn more about it.
What do you think, is accessibility just nice, or do you think it should be good business?
In an article I saw this morning, I thought that this was a great read and should be good business sense.
To be honest, I always hear that we’ll “put it on the list” and never hear anything when it comes to accessibility bugs and I know that there are plenty who have voiced this through Mastodon.
They have the right to say that.
This article, titled Accessibility Isn’t Just Nice; It’s Good Business, should be read.
If people who develop understand this, maybe we’ll get somewhere with all these bugs that software has, where companies just put the accessibility bugs on a list that probably gets forwarded and not dealt with.
When I read one boost about whining about accessibility, I just have to wonder.
Is it really necessary for a 7th title to be developed to fix this issue?
As today is the signing of the ADA as done in 1990, how can we fix this?
A reblog of the recent books recently added to EMHS
Hello folks,
First of all, if you saw the previous post, we’ve tried to fix the list problem but WordPress seems to be stuck in its ways, sorry about that!
To fix this, we made it an ordered list for the sublists to work properly. We don’t know why the double unordered list doesn’t work like it does on the web site, but when this posts again, this should now post properly. It would close the first list item from the author standpoint but keep the rest intact. Strange tech!
Second, as posted on the 25th, we recently added yet one more book. This gives us 25. And, the newest book will be out in September.
So, now that I think we’re done messing with the books and I’ve fixed all of the HTML for the resources page of EMHS, let’s give you the entire list in which we have new material.
We hope this list is of value.
The following is the list of books. When looking at the entire list, we show 56 items, noting that we sublist the books from their authors. Some may have multiple books too.
- Noah Zhang and Gary Westphalen
- Marc Goodman and Robertson Dean
- Jeff Horwitz
- Christopher Hadnagy
- Ben McKenzie and Jacob Silverman
- Jeff White
- Maxie Reynolds
- Nicole Perlroth
- Matt Potter
- Kevin Poulsen
- Joseph Menn
- Bruce Sterling
- David E. Sanger
- Parmy Olson
- Michelle Slatalla and Joshua Quittner
- Thomas Rid
  - Active Measures: The Secret History of Disinformation and Political Warfare
  - Cyber War Will Not Take Place
- Bruce Schneier
- Bruce Schneier and Ken Maxon
- Bobby Hundreds
- Ted Koppel
- Cris Thomas
- Roger A. Grimes
- Kashmir Hill
If you’ve got any questions, please drop us a line. Thanks for reading!
Anti Detect software, here we go
J Wolfgang Goerlich, someone who was once on our podcast here at the technology blog, posted something worth exploring. He’s now on Mastodon. Here’s what he posted.
J Wolfgang Goerlich: One of the things I speculated in my RSAC talk on zero trust was adversaries bypassing device identity and posture. Check this article out:
“Attackers are using these spoofing tools by exploiting stolen cookie files, impersonating hyper-granular device identifiers and using fraud victims’ unique network settings.”
Whelp. That didn’t take long.
https://www.govinfosecurity.com/threat-actors-customizing-tools-for-mobile-os-based-fraud-a-22539
Keep in mind that this is an info security person calling for change. But as you can see by the article which we’ll fully link to in a bit, this is now practical.
Looks like things that can be stolen can include anything they want including the type of phone, the hardware make, model and the like.
It can be made to come from your IP address, making it look like you logged in to your bank as an example, bypassing the check for whether say money was withdrawn from another country as an example.
Gov Info Security’s article is titled Threat Actors Customizing Tools for Mobile OS-Based Fraud and us iOS users better be on the lookout!
Let’s be aware, thanks J for posting this for us to see, and make it a great day, friend! He never followed back, but this was definitely a great read.
Virus Total is “sorry that someone fat fingered” and published data online
I know mistakes happen, and clearly I thought that this was an honest mistake.
In recent days, we spotted a post from DataBreaches, and it got reboosted on Mastodon. It’s titled VirusTotal: We’re sorry someone fat-fingered and exposed 5,600 users.
Maybe whoever did it wanted to make sure the file was safe? I don’t know, but it always seemed to me that it was user error, and nothing more.
There is a link to something called “Layer 8” which is described as a human problem.
So … what are we supposed to do now, expect that all files are safe when we get them? I honestly don’t blame the person for doing this, even if it led to a mistake.
Thanks for posting this, DataBreaches, we like the update.
I don’t expect this to happen again.