The Technology blog and podcast

Should we get rid of chrome or chromium browsers? One article doesn’t convince me … toots say yes

On July 26th, I blogged about Google’s great idea where they would basicly change the way Chrome works. In the accompanying article, it was reported that the ideas where pretty bad.

It seems as though this community is at least looking. Maybe our work is finally paying off. Here’s one toot posted to Mastodon.

It says:

Kay: Boosting Monique (crazydutchy): Speaking of Chrome, I have rarely ever used it, only if some website on Firefox was not working correctly. Although I agree, we should put pressure on Google if we can, because what they are proposing is pretty bad, likely worse than what twitter ever did. But also please remember, not everyone may have a choice, and although I in favour of making people aware of the situation, telling others what they can or cannot, must or must not do, generally tends to have the opposite result.

Here’s another toot. It says:

Kay: Boosting HIIT it hard af (af): Stop using Chrome as your daily driver.

Google proposed adding DRM to Chrome, which will be used to stop ad blockers, privacy tools, password plugins, accessibility/reader modes.

The only way to stop Google’s Chrome from wrecking the internet like Internet Explorer did for many year to switch to a NOT chromium-based browser as soon as possible for your day to day. You’ve got Safari, and Firefox as your choices.

I know you’ll have to use Chrome sometimes because it’s already happening.

In the linked article that I link to from my blog post, I don’t remember it ever saying that it was going to disable reader mode or accessibility tools.

With this said, I don’t want to say what these posts are saying is true or false, because we really don’t know what Google will do except for what at least one article indicates.

What I will say, is that people should use the browser that works best for their needs. If you’re telling users not to use Chrome, than all chrome browsers including edge should not be used. I don’t want to go that far, based on only one article that came across my desk.

What I’ll ask is this: if someone has an updated article that indicates that Google will break accessibility access to our screen readers and reading tools like the reader mode for articles, I would love to see these so I can see what they say. I don’t see everything, so when I saw these two toots, I starte to wonder.

Please use the contact page to send links or sign up and send links as comments to articles. There’s no bashing here, just seaking information so maybe I can be better educated and the people that help me with the podcast can learn too.

As I’ve said, knowledge is power. Let’s share what we know. I believe these toots are doing that, but I am not aware of it. And, I’ve used chrome when needed.So, let’s share those articles so we can all make the best decision possible!

Comments (0)

A very interesting podcast

There was a very interesting podcast within the last several days that two companies who colaborate are doing and is tlaked about. Its not as easy just to check a box with cybersecurity training.

These classes are held once or maybe twice a year. But two companies have joined up in Virginia and are working to change the way Cybersecurity training is done.

This podcast is part of the talking risk series at Cyber Crime Radio.

This is why I always encourage stories of things that have gone wrong so we can possibly learn from them. If we don’t know what’s out there, how can we make sure we are trying our best to learn so we don’t make the same mistake?

I was looking to link to a copy of the file, but maybe people are passing through that might be looking for something else.

If this interests you, go seek this program out, as telling stories, making sure we know whats out there, learning what to spot and defend against it will be our key.

As the podcast says, humans are the weakest link, we are going to make mistakes, and they even tell stories and ask why they clicked on said link and gave examples of things similar to what we do on TSB.

If you find it, let us know what you think of this program.

Comments (0)

Databreach at ESA program in Arizona, response is: “Its no big deal”

Even one person is one too many. Letters went back and forth about a breach at a program that helps fund private education. It seems as though that disabled children may be affected, but according to the article only one person was affected and nobody knows anything about it.

DevaOnBreaches: Boosting Dissent Doe :cupofcoffee: (PogoWasRight): From the nothing-to-see-here-move-along dept:

“A data breach exposed the personal information of thousands of Arizona students enrolled in the state’s school voucher program, according to Gov. Katie Hobbs, but the state’s top education official says it’s not a problem.”

Hobbs has questions about data breach that exposed ESA student info

@douglevin @brett @funnymonkey @mkeierleber
#databreach #EduSec #EdTech #infosec #transparency #politics

Hobbs has questions about data breach that exposed ESA student info is the article which raises the questions.

What is really going on in this state?

Comments (0)

The Transition to X is under way

Hello folks,

I still post to Twitter via this blog and others that I’m going to read anyway. But unlike past days, I’ve seen something completely different.

Below, I’m going to use our Metro Los Angeles Alerts channel with what I now hear with Voice Over. Note that I won’t list anything that they publish, but will give an example of what it sounds like.

X Metro La Rider Alerts: The alert of what they will write goes here. .

If it was minutes ago, it would say:

X 14 minutes ago: Metro LA Rider alerts: The alert which I may have missed would be repeated for me through this message.

This is all I have. Just an interesting musing on a Monday morning.

Comments (0)

Over 400,000 corporate credentials are out there

Here are two vcritical paragraphs out of this particular article that Diva on Breaches posted to Mastodon.

The first says:

Information stealers are malware that steals data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, FTP clients, and gaming services. The stolen information is packaged into archives called ‘logs,’ which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.

The second paragraph is probably the most important. It says:

The most prominent information-stealing families are Redline, Raccoon, Titan, Aurora, and Vidar, offered to cyber criminals on a subscription-based model, allowing them to conduct malware campaigns that steal data from infected devices.

Here is the blog post when we covered Red Line Staler.

If this is any indication, stalers like Red Line are not going anywhere. And, the fact that there are others out there make this type of thing a bigger problem than first talked about.

This article is titled Over 400,000 corporate credentials stolen by info-stealing malware and I urge this community to check it out. Don’t get targeted with this one.

Comments (0)

60k Android devices possibly carying stalkerware

We’ve published a few articles on stalkerware. This time, Malwarebytes has something about the topic. 60,000 Android devices, going back to 2016, may have such a program on it. The app mentioned in this article by the company is called Spyhide (Spy Hide) which gives out location data in real time, call logs, contacts and other information.

More details: 60,000 Androids have stalkerware-type app Spyhide installed.

Comments (0)

“Worm GPT” and “Fraud GPT,” its time to be more vigelant

In today’s newsletter, Kim drops some new terms. Worm GPT and Fraud GPT.

While Chat GPT and other services like Bard (Google’s chatbot) and Bing (Microsoft and skype) have protections in place by their creators, there is a version of these that is not filtered by these restraints.

In today’s newsletter, Kim links to the iphone link and the android link from her newsletter.

Here are more items from this list that we’re passing along.

• AI social media scams use sponsored ads and posts to get you to download malware.

<

• AI phishing scams are usually emails with a shady sense of urgency, pretending to be a legitimate company or bank. They’ll ask for money or your personal info ASAP and include malicious links. 
• AI voice-cloning scams fool you into thinking a loved one is hurt, in jail or in an emergency situation that requires money.
• AI investment scammers pose as cryptocurrency gurus and promise huge returns on fake investments.

She also links to research that has been done through a site called tech.co. This article is titled WormGPT Is ChatGPT for Scammers, and It’s Seriously Dangerous. It was last updated on July 18th, but it is packed with information that might be of value to this community.

Be safe out there. Thanks for reading! BTW this tech.co article will be linked on EMHS’s article list when we update the site next.

Comments (0)

This week on the security hour, Kuwait’s Stupid Law

Hello folks,

Welcome to another post about the Security Hour on Saturday on server 2 of The Mix.

This time, we talk about one of the most stupidest laws we’ve probably ever heard of.

We also will see what else comes across in the landscape.

The notes for the hour follow, notating that that the hour starts at 8 CT while the show itself starts at 7.

---

Hello everyone. Kuwait’s stupid law. This is the blog post that leads to this article titled Trial and error in Kuwait and my thoughts. We’ll see what the team has to say about this one. News, notes and more as well.

Comments (0)

U.K. ambulance company hauled offline, could be dangerous

Cyber Crime Radio reports that South England’s Ambulance company suffered a ransomware attack which could affect information gathering such as medication, allergies and other things that could assist during an emergency.

Scott also mentioned within the audio podcast what areas he issue affects.

We later found this databreaches article titled UK: Ambulance patient records system hauled offline for cyber-attack probe which could go right in to this post.

I actually spotted this on my way in to Los Angeles, and was sent this while I was in Los Angeles.

No patients were affected except delays could be made where the information i mentioned needed to be gotten in other ways.

We are not aware whether the company paid any ransom.

The JRN

Comments (0)

If you’re using Move It file transfer, maybe its time to talk about switching

Hello folks,

I don’t know about you, but maybe its time to think about switching away from this file transfer program “Moveit.” Not to be confused with Moveit transportation, this file transfer program has now hit a company called Maximus.

McLean, Va.-based Maximus (NYSE:MMS) is the first government contractor to publicly disclose that its computer systems suffered a breach from the MOVEit
ransomware hack. MOVEit is a file transfer application that Maximus used internally and with government customers. In a Securities and Exchange Commission
filing posted Jul. 26, Maximus said that between 8 million and 11 million individuals could have had their personal information exposed including health
information

You can find more at Cyber Security Ventures on their today page where they post stuff.

This is a developing story, and could be updated in the future.

Comments (0)

Twitter X, “Dark mode is much better”

The Verge is reporting that Twitter (X) will now come in dark mode starting soon if it hasn’t done so already.

As it rebrands in to X, people slammed the company saying that their phones only go in to dark mode in certain times, and so he’s backed off just a little bit.

Since Twitter has gotten rid of the accessibility team, I’ll assume that X will eventually lose its accessibility clout and will become harder for those using some sort of accessibility service whether its voiceover, tools for making the text larger, or possibly even other tech that other disabilities need to use their devices.

I wonder how much X is going to have on people’s lives once this transition is complete.

The Verge’s article is titled Elon Musk capitulates: Twitter will default to dark mode but still offer a light option/ as it was updated since first post.

Let’s go!

Comments (0)

Translation of a companywide memo

This has to be great. We can take this as a laugh. Translation From Hostage Code to English of X Corp CEO Linda Yaccarino’s Company-Wide Memo can probably be a chuckle.

Have a great night with this one. I’ll catch up with more stuff later on.

Comments (0)

Rite Aid customers swept up in data breach

The Hill is reporting that Rite Aid customers are now swept up in a data breach that apparently occurred in March. Info including name, date of birth, address, prescription info and limited insurance info. That info included limited card details information which included its ID number and the plan.

According to the article, no billing information was taken.

Rite Aid customers’ personal information accessed in data breach is the article.

As far as I’m concerned, Rite Aid did not contact me about the breach, and there is no known number of customers mentioned in the article.

Comments (0)

Yamaha is listed twice, breached

Yamaha musical instruments Canada has suffered breaches at the hands of two potential groups, none of who the JRN have heard of.

One of the groups is known as BlackByte while the other is called Akira ransomware group.

BlackBite was apparently last month while Akira was apparently last week.

Cybercrime magazine covered this in their update podcasts.

Graham CLULEY
covers this for Bit Defender. Following claims by two ransomware groups, Yamaha confirms the cyberattack is the article.

Apparently the motorcycle component of the company has broken off from the instrument division.

More in the short read linked above!

Comments (0)

The Security box, podcast 154: 13 DDoS-for-hire services closed

Hello folks,

We’d like to thank Terry for showing up today in Clubhouse. Don’t worry, we did go through the topic, allowed space for comments from listeners of the stream but there were none. We do allow you to contact the podcast at any time, so please do so.

We have contact info through the blog, as well as my main web site for you to use.

The RSS feed is going to be updated soon with the file, but for those who don’t have RSS, the 138.4mb download file is here.

It’ll also be made available through TSB’s page on email host security.

Now, without any further ado, let’s get you the show notes.

Thanks for listening, and do make it a great day!

---

Hello folks, welcome to program 154. On this edition of the program, come with us for some news and notes, a recollection of someone who can change after making mistakes, and a topic talking about DDoS for hire services that have been shut down within recent times which could be a good thing.

A Note on a passing of a recent Security Expert

Kevin Mitnick recently passed away on July 16, 2023. He did have an interesting career, a criminal in his early years to a security consultant after the fact.

Brian Krebs sent the news through on Mastodon, and we blogged about it on the same day … July 20, 2023.

Below, please find the books Kevin wrote. Note that the blog post does mention these and what is available also on BARD. I attended one of his webinars that KnowBe4 put on and it was excellent!

The books

1. Kevin Mitnick, Steve Wozniak and William L. Simon
• Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
• The Art of Deception: Controlling the Human Element of Security
• The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers 1st Edition
2. Kevin Mitnick and Mikko Hypponnen
• The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

---

DDos for hire services shut down

We blogged about this on the blog, and now its time for it to be talked about. This is a Krebs on Security article titled Feds Take Down 13 More DDoS-for-Hire Services which I found was quite good. Let’s see what you think and our contact info will be given throughout the program.

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

Comments (0)

Google having a great idea, but questions are abound

I don’t know much about this proposal on whether it is bad, but trusted environments will be a good thing to weed out the bad on the internet.

In an article boosted by Brian Krebs, it states that there is some controversy on this new proposal that Google is probably wanting to push out without any oversite.

While we wait to see, the article is titled Google engineers want to make ad-blocking (near) impossible which was an interesting read.

Google’s moto is not to have ads blocked because they make their money that way.

Sites like mine don’t make money because I refuse to put stuff on my pages I’ve tested myself, or if it is like a facebook button or the like as part of the blog.

As told once before, stuff can be modified and can turn an entire site malicious, even if you don’t do it yourself.

I guess we’ll see what happens with this one, and I hope that we will learn more about it.

Comments (1)

What do you think, is accessibility just nice, or do you think it should be good business?

In an article I saw this morning, I thought that this was a great read and should be good business sense.

To be honest, I always hear that we’ll “put it on the list” and never hear anything when it comes to accessibility bugs and I know that there are plenty who have voiced this through Mastodon.

They have the right to say that.

This article is titled Accessibility Isn’t Just Nice; It’s Good Business should be read.

If people who develop understand this, maybe we’ll get somewhere with all these bugs that software has that companies just put the accessibility bugs on a list that probably gets forwarded and not delbt with.

When I read one boost about wining about accessibility, I just have to wonder.

Is it really necessarily for a 7th title to be developed to fix this issue?

As today is the signing of the ADA as done in 1990, how can we fix this?

Comments (1)

A reblog of the recent books recently added to EMHS

Hello folks,

First of all, if you saw the previous post, we’ve tried to fix the list problem but WordPress seems to be stuck in its ways, sorry about that!

To fix this, we made it an ordered list for the sublists to work properly. We don’t know why the double unordered list doesn’t work like it does on the web site, but when this posts again, this should now post properly. It would close the first list item from the author standpoint but keep the rest in tact. Strange tech!

Second, as posted on the 25th, we recently added yet one more book. This gives us 25. And, the newest book will be out in September.

So, now that I think we’re done messing with the books and I’ve fixed all of the HTML for the resources page of EMHS, let’s give you the entire list in which we have new material.

We hope this list is of value.

The following is the list of books. When looking at the entire list, we show 56 items, notating that we sublist the books from their authors. Some may have multiple books too.

1. Noah Zhang and Gary Westphalen
• Cyber Security: The Beginners Guide to Learning the Basics of Information Security and Modern Cyber Threats
2. Marc Goodman and Robertson Dean
• Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
3. Jeff Horwitz
• Broken Code: Inside Facebook and the Fight to Expose Its Harmful Secrets
4. Christopher Hadnagy
• Social Engineering, Second Edition: The Science of Human Hacking
5. Ben McKenzie and Jacob Silverman
• Easy Money: Cryptocurrency, Casino Capitalism, and the Golden Age of Fraud
6. Jeff White
• Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global
7. Maxie Reynolds
• The Art of Attack: Attacker Mindset for Security Professionals
8. Nicole Perlroth
• This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
9. Matt Potter
• We Are All Targets: How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos
10. Kevin Poulsen
• Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
11. Joseph Menn
• Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
12. Bruce Sterling
• The Hacker Crackdown: Law and Disorder on the Electronic Frontier
13. David E. Sanger
• The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age
14. Parmy Olson
• We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
15. Michelle Slatalla and Joshua Quittner
• Masters of Deception: The Gang That Ruled Cyberspace
16. Thomas Rid
• Active Measures: The Secret History of Disinformation and Political Warfare
• Cyber War Will Not Take Place
17. Bruce Schneier
• Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
18. Bruce Schneier and Ken Maxon
• Schneier on Security
19. Bobby Hundreds
• NFTs Are a Scam/NFTs Are the Future: The Early Years: 2020-2023
20. Ted Koppel
• Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath
21. Cris Thomas
• Space Rogue: How the Hackers Known As L0pht Changed the World
22. Roger A. Grimes
• Ransomware Protection Playbook
• Hacking the Hacker: Learn From the Experts Who Take Down Hackers
23. Kashmir Hill
• Your Face Belongs to Us: A Secretive Startup’s Quest to End Privacy as We Know It

If you’ve got any questions, please drop us a line. Thanks for reading!

Comments (0)

Anti Detect software, here we go

J Wolfgang Goerlich, someone who was once on our podcast here at the technology blog posted something worth exploring. He’s now on Mastodon. Here’s what he posted.

J Wolfgang Goerlich: One of the things I speculated in my RSAC talk on zero trust was adversaries bypassing device identity and posture. Check this article out:

“Attackers are using these spoofing tools by exploiting stolen cookie files, impersonating hyper-granular device identifiers and using fraud victims’ unique network settings.”

Whelp. That didn’t take long.
https://www.govinfosecurity.com/threat-actors-customizing-tools-for-mobile-os-based-fraud-a-22539

Keep in mind that this is an info security person calling for change. But as you can see by the article which we’ll fully link to in a bit, this is now practical.

Looks like things that can be stolen can include anything they want including the type of phone, the hardware make, model and the like.

It can be made to come from your IP address, making it look like you logged in to your bank as an example, bypassing the check for whether say money was withdrawn from another country as an example.

Gov Info Security’s article is titled Threat Actors Customizing Tools for Mobile OS-Based Fraud and us IOS users better be on the lookout!

Let’s be aware, thanks J for posting this for us to see, and make it a great day, friend! He never followed back, but this was definitely a great read.

Comments (0)

Virus Total is “sorry that someone fat fingered” and published data online

I know mistakes happen, and clearly I thought that this was an honest mistake.

blog post

In recent days, we spotted and it got reboosted on Mastodon a post from databreaches. Its titled VirusTotal: We’re sorry someone fat-fingered and exposed 5,600 users.

Maybe whoever did it wanted to make sure the file was safe? I don’t know, but it always seemed to me that it was user error, and nothing more.

There is a link to something called “Layer 8” which is described as a human problem.

So … what are we supposed to do now, expect that all files are safe when we get them? I honestly don’t blame the person for doing this, even if it lead to a mistake.

Thanks for posting this, DataBreaches, we like the update.

I don’t expect this to happen again.

Comments (0)

Older Posts »

go to sections menu

---