The Technology blog and podcast

A successfull scam opp

Hi this is the link to the article for those that want to read it.
https://www.rnz.co.nz/news/national/501363/how-police-helped-an-elderly-man-avoid-losing-20-000-in-a-scam
So pritty much bee carefull who calls you.
Fake police scams are aparently on the rize again and an old guy found out about it the hard way.

I am happy this one was resolved and if you read the article, well what a twist.
Of note to all users, I am on whats app, also I have my shell working and its all ok.
Laters

Comments (0)

Tech podcast 376: Domain impersonnation look-alike webinar

For those who don’t have RSS this 59.4mb file is the link to the file for today’s podcast.

We know that domains are everywhere. New TLD’s are being thought of and mostly used by actors to get you to get their wares on your machine. Are you prepared to tell what is real and what might be fake?

---

>

Domains. They’re everywhere! In podcast 376 of the tech podcast, we’re going back to a webinar that talks about impersonation and look-alike domains. This still happens today, and while it is over 2 months old, it is still valuable. I hope you enjoy the program for this time, and we’ll have another webinar next time talking about BEC attacks and domains and email and the like. I hope you’ll enjoy. Thanks, Fortra/Phishlabs for putting this together.

---

Hope you enjoy this one!

Comments (0)

Sorry teens, you lose on this one

There’s an entire newsletter covering this, but it wasn’t shared as a link except to share it, not to read it.

This comes from Kim Komando and will be covered on a future Throwback in a few weeks.

You should pass this article to your teen, especially those who were born between 1996 and 2010.

Scammers are targeting teens – Warn your Gen Zer about these tricks is the article. There are several gotcha headings here.

They are:

• Under the influence 
• Hey there, handsome

Send me a photo

• You won! (Not)

Teens are fooled more than 2500 percent to seniors at 805 percent. This is no laughing matter. Check out the entire article for complete details about all 4 of these items and then listen to Throwback in several weeks where we’ll be covering this. I give examples of my own that I’ve seen.

Comments (0)

The Security box, podcast 166: NCSAM week 4: Updating software

Hello folks, welcome to another Security box. On this edition, we’re packed with news, notes and more. We go through the blog and find things that are of value. Besides that, we know that the topic is going to be updating software, and we talk about companies that do ping for updating as well as why its a good idea.

Here is the 146.3mb file if you don’t have RSS and I hope you enjoy!

---

Welcome to the Security box, podcast 166. On this program, news, notes, the landscape and our thoughts on updating software. Check the blog for all of the latest news we’ve blogged and remember to subscribe to TSB’s email list to get direct articles and comment on things.

---

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Internet Radio airings

Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Comments (0)

Here’s more on the twitter fiasco charging $1 to do basic things

I blogged about X apparently wanting to charge $1 for people to use the service.

In a fortune article posted within the last week, it says that current users are not needing to pay the money, but yet new users will.

They say its not supposed to be a money making thing, and the company touts that they’ve pretty much got all of their advertisers back.

To read the entire article by Fortune, posted on October 17th, please read the article. Its titled EXCLUSIVE: X, formerly known as Twitter, will begin charging new users $1 a year to access key features including the ability to tweet and retweet.

I guess we’ll see how this supposedly will go for new users.

Comments (1)

T-Mobile switches users to newer plans, says they’re not raising prices

Article this time comes from Ars Technica. Michael in Tennessee, a contributer to this podcast sent this directly to me several days ago.

The customer service representatives are being told that the newer plans are to give customers more, and customers on one plan are being moved to one plan while another plan is moved to the one some are being moved from.

Sounds like something I want no part in.

The article is titled T-Mobile switches users to pricier plans and tells them it’s not a price hike for those who want to read it.

I say that if you’re happy with the plan you’re on, stay with it. If not, switch to something you can afford. Don’t let the breach prone company tell you what you the customer should have for your service.

Have fun with this one.

Comments (0)

Software updating

Why do you think it is important to update software? Windows anyhow pushes updates to us, but there are other pieces of software.

The Mac also gets updates, although I don’t think it pushes updates to you.

IOS pushes updates to you.

Android … that’s another story.

How about your apps? The ones on your phone get updates, so do your windows apps too, although they should be phoning home and asking if it needs to be updated.

“But Jared,” you start, “I don’t want the latest as it can break accessibility.”

I feel you. There have been some apps in the app store that indeed break accessibility. Shame on those apps!

But if done correctly, updates to Windows, Mac, and your various apps whether it is windows or mac have updates to plug security holes that may be known to actors.

There are two terms that track bugs. They are:

• Common Vulnerabilities and Exposures
• Common Vulnerability Scoring System

Both are described on their pages, but one deals with the scores these bugs get and the other is dealing with sevarity type like low, medium and high. If I’ve confused these, someone please ping and correct me!

On this week’s podcast, we’ll talk about why software gets updated and it isn’t just from your operating system and why it should be part of your strategy on being safe online.

Hope to see you Wednesday!

Comments (0)

Question: What is Quishing?

Quishing is known as QR code Phishing.

I have used a few of these, and it doesn’t seem that accessible with Voiceover.

I recently had someone assist me to go to a video about things i’ve received in a big backpack.

Again from Malwarebytes, this article asks the question: Explained: Quishing

I hope you take a look at this one.

Comments (0)

3 crucial steps people are not taking: strong passwords, multi-factor and AntiVirus

Today is the Malware Bytes Newsletter. In this article we’re going to talk about three steps people aren’t taking when it comes to CyberSecurity.

While some people I talk to understand the reasons for using something like a Password Manager, they don’t because they just want to get shit done. They don’t want to use software that could in theory lock them out if they forget their “Master Password” as Lastpass made me relogin on my phone.

One thing they didn’t mention is the fact that your Master Password should be easy for you to remember, but of course, not used anywhere else. So I’ll add that.

While the article talks about AntiVirus software and the fact that lots of people don’t use it, I can say that most of the AntiVirus software we know about are not accessible to the disabled community whether you’re blind and use a screen reader, deaf-blind and use a braille display on top of that reader, or disabled in other ways where the software is hard to use with the tools you use on a daily basis.

While I’m getting better on making sure my accounts are as secure as possible, I’m still guilty as charged when it comes to some of my passwords being used in multiple places. Item one of the three items is saying that we need to have a password that is unique and gives you a password as an example.

Item 2 talks about multi-factor authentication. The numbers are staggering between the strong passwords and using multi-factor authentication, otherwise known in some steps as two-step or two-factor authentication.

Finally, the third is AntiVirus. If nothing else, use MalwareBytes. It is accessible enough with a screen reader at least. I don’t know about braille use, but I do know about reader use.

To read the whole article please read 3 crucial security steps people should do, but don’t from the Malwarebytes blog.

Yes, they even criticize the industry about AntiVirus, as it does do more than malware and viruses. It can protect you from Ransomware. These guys have.

Make it a great day!We’ll have more really soon.

Comments (0)

Oh Don’t Forget closing, others gone, but one still here

Some years back, I talked on my podcast about services that could be used for reminders. While they differed slightly, Oh Don’t Forget and Snoozester were two good ones.

The other site which we can’t link was called Waker Upper.

All had their days and I used them all for what they offered.

So far, Snoozester still seems to be operating, and searching for free or low cost reminder services ar meant for those who are professionals. Sound Bite was good for sending messages back and forth, but now they do reminder services and things of that nature for professionals.

I try to see what’s there in the space, cause I may just want a reminder to do something and the reminders app on the phone just bugs me. I don’t need to be notified every time I unlock my phone to send the football schedule at 3 PM on Wednesday. But I use the reminders app for that because there’s an end date where I don’t need it.

Waker Upper and these other services were good at just reminding me and leaving me alone. Another service I used which sent by email was Go Ping Me.

But sadly, a lot of these services are now either reduced to business use, or not existing anymore.

I tried to figure out what to use for reminders of things and Oh Don’t Forget and Snoozester came to mind. Oh Don’t forget wasn’t even giving me my text messages as it explains on its notice to close.

I don’t necessarily blame them, but I did leave them feedback as well as a refund request which they’ll honor.

If there is a service that you’re using, please drop a note in the comments and let us know. I’d be curious on what’s out there for people who may not want to set everything up on a smart device.

And yes, I could use my lady A device as we call it, but if I’m not home, and a reminder pops up, I’m not going to hear it although it could in theory pop up on my phone.

Let’s see what else is out there. Thanks for listening and reading!

Comments (0)

From Cybercrime Wire: man is charged with a huge amount of charges, and it goes back to an older case

From Cybercrime Wire:

Prosecutors in Finland have charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with more than 21,000 counts of extortion. “The suspect is held on remand and has denied being guilty of the offences,” the national prosecution authority said in a statement on Oct. 18. The prosecutor is seeking a seven-year prison sentence for the defendant, Aleksanteri Kivimäki, who was formerly identified as Julius Kivimäki. In the 2018 breach of the Finnish firm Vastaamo, which oversaw dozens of psychotherapy centres throughout the Nordic nation, the private treatment records of tens of thousands of patients were stolen. After stealing the records, Kivimäki initially sought to extort more than €360,000 (£312,000) in bitcoin from Vastaamo in exchange for not leaking the records.

The Full story is from The Guardian, and its titled Man accused of Finland psychotherapy hack charged with 21,000 counts of extortion.

The article goes on to talk about the arrest, and other very interesting stats.

One sentence should sum it all up.

Kivimäki was also charged with 9,598 counts of dissemination of information infringing on personal privacy.

My question is “Why 7 years?” This is stealing data and trying to sell it.

This is data on therapy sessions that are supposed to be confidential so the patient can get treated for whatever the session is to treat.

Further reading from the blog:

• Hacker charged, hacked psychotherapy center, demanded ransome and went after patients to pay
• Now, … for a random breach … a psychotherapy center
• We’ve got an arrest, Krebs does a great job on this one
• The Security box, podcast 120: News Notes and the shopping landscape (podcast)

Please feel free to check out the blog posts, the recent article, and sound off. Commenting here is free and registration is free.

Comments (0)

I’ve seen this article cross my desk a few times now

This is the latest boost that caught me to read this article dealing with accessibility.

It says:

Jeffrey D. Stark: Boosting Helidonkey (ednun_p): My good friend Liam recently wrote an article about how several tech firms are somewhat screwing over blind people. see what you think: https://www.theregister.com/Print/2023/10/16/apple_lenovo_blind_fail/

The link, leads to this article by Liam Proven titled Apple and Lenovo are dropping the ball for visually impaired users. The sub title is: “Accessibility features help everybody… and one day, you might need them too.”

I read this fully, and I completely agree. Several people were mentioned in this article, I know of one, but you may know them personally.

We, the blind and visually impaired, aren’t going anywhere. While one person baught something and a price match apparently passed, if the company was mean about it, that’s one thing. But if let’s say it took the whole time to ship even while they were price checking, you want to make sure the product works well.

I would urge everyone to read this, as there are links to various blind terms and things to be aware of as well as some statistical stuff too.

I hope everyone is well. More later!

Comments (1)

Google ads and a program called Keypass get tied up in this malvertising problem

Michael in Tennessee sent this article to the TSB Email list. Find a link within our link role on our blog.

The article talks about how its hard to deal with deceptive ads when the site looks pretty convincing, pointing to the original site but yet there are similar characters.

This is because characters within the URL are written in punycode. Security Now, I believe has talked about this type of code, and I sure wish I had time to listen to all my podcasts like this one.

I don’t know how access technology handles punycode, seeing that it mixes characters from what I can gather.

This Ars Technica article that Michael sent is titled Google-hosted malvertising leads to fake Keepass site that looks genuine.

I am not sure we’ll be affected by this, just because they use advertising through platforms, however, we do need to be aware of this just the same. Let the knowledge begin!

Comments (0)

Redmond fixed a very interesting error

I’ve not posted much recently, and stopped when I saw Brian Krebs boost Bleeping computer with an article about Windows Update and Windows 10. Specificly, the update causes the PC to give an unknown error with letters and numbers.

By now, the fix for the affected knowledge base article linked within the article should be fixed and you should be able to install the thing.

Microsoft fixes Windows 10 security update installation issue comes from Bleeping computer and it may be a read for you if you were having trouble and want to know why.

Comments (0)

The Security box, podcast 165: Week 3 of NCSAM: credit cards, debit cards and the landscape

Hello folks,

Welcome to the Security Box, podcast 165. On this program, we’ve got plenty to keep you entertained including news and the landscape, a discussion on two morons, and Nick and I got in to a discussion of credit cards, debit cards, the various payment systems, alerts and more.

For those who do not have RSS, here is the 147.3mb file for you to download.

Next week, we’ll talk about software.

Now, here are the show notes with links to things if you wish to have them.

---

Welcome to the security box, podcast 165. We’ve definitely got at least one stupid moron award, that could be taken in two different ways. Next moron, Twitter, in an interesting move on charging non-paying users for access to twitter $1 a year according to their own twitter notification I saw. The topic this week is going to be on Credit cards, debit cards, online VS offline shopping and what we can do.

---

The Stupid Fuck awards

This blog post was written after listening to a program on the Cyber Crime network. It talked about TikTok being sued by Utah because they want children on the app. But we think its more than that. Utah may also get this award as a double whammy because “this is what social media is,” says TSB staff and Throwback staff. You be the judge!

Next, Twitter Support says that they’ll be testing a payment method for those non-verified accounts to pay $1 a year to get access to the service. I forget what country it is, but you can look it up on twitter support’s account. If successful, they will bring it elsewhere, and they also could get the stupid fuck award. Good job, guys.

---

Credit cards, debit cards and more

The question is, How should we be using credit cards and debit cards online? Let’s discuss this and take it much further. Let’s discuss what we can do to use this offline as well.

---

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.

---

Internet Radio airings

Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

Comments (0)

I got them all riled up

Its not even starting time and I’ve gotten TSB’s team thrown up. To be fair, some are part of Throwback too. But still, its all by choice.

The reason everyone is riled up is an announcement that twitter support posted yesterday. To be clear, I don’t remember what country they’re doing this, but I can only imagine that they’ll roll it out to the rest of us.

BTW, several of us have multiple accounts. So keep in mind what I’m about to say when I post this.

Twitter posted yesterday tht they would in theory charge non-verified users $1 a year to have access to the site and they’re trying it out in one country first.

You’re saying $1 a year isn’t a big deal, and its not. But Social Media, IMHO, should not be paid for by people unless they want to. LinkedIn has premium, but its premium. Not Linkedin (gotta pay a dollar to access it) for free, its linkedin free and linkedin premium.

Sorry Twitter is losing a shitload of money, they were doing fine until Mr. Muck (Musk) baught it and fucked it up. Good luck convincing my users to pay a dollar for your piece of shit you broke when you fired the accessibility team and got rid of third party apps.

Oh, and how’s Reddit going now? Is it still the same, or did it start failing because they saw what Twitter did and didn’t give a fuck what we had to say when we could’ve said something when Twitter did?

Several of us did in our own right, one by social media, the JRN by blogging. So, let’s see what finally happens in the end, right?

Comments (0)

How should we be using credit cards and debit cards online and in person?

Hello folks,

A little late for this week’s topic, but better late than never, correct?

Let’s see what we can do about credit cards, debit cards and usage online.

First, we must be aware of the fact that a secure connection is presemt. Since the color of the title bar might not be present, we have to make sure that the URL says “https” as its beginning and not “http” as its beginning.

Remember that the quote marks are in the article, it won’t be in the url itself.

So, let’s give an example. Let’s use this blog’s long form address technology.jaredrimer.net.

If you go to technology.jaredrimer.net, you might see something like this. You might see https://technology.jaredrimer.net as we have turned on secure everywhere on our sub domains.

Some years back, the title bar of firefox had changed to green for secure server connections, but that is not the case any longer. According to Be My AI, which analyzed https://technology.jaredrimer.net on October 16, 2023, there is a lock icon that is green, while the rest of the title bar is the browser’s color. Yours may be gray or white, according to BeMyAI.

Be My Eyes

With the fact that more sites are using the secure certificates, we need to be more caucious than ever. In one webinar, which I believe is a Phishlabs webinar, the number of actors that have certs are well over half.

We expect most of the sites that are malicious to be fully secure very soon if it isn’t already. This makes this much more difficult to make sure you’re entering your data at the right site. However, there are things we can do.

<
• First, make sure you’re on the proper site. For example, if you’re looking for walmart, make sure you’ve got the proper site.

  web site

• Make sure that you’re on a secure page, most times you should be. Don’t necessarily worry about what’s after the TLD, each site is programmed differently.
• Most sites do not take any type of crypto currency. Because sites can be compromised, if you see crypto currency options, make sure the site you’re on does in fact take the specific currency.

What else should I do?

I’m glad you asked! Besides making sure you’re on the correct merchant site, using Walmart as an example above, make sure you’re using a digital card and not your physical card. These are better known as a virtual card.

Why should I do that? Good question again! With all of the breaches we’ve been covering between the technology podcast and the security box, we’ve had a huge number of them. Data Breaches, a recent site I’ve been following and recommended by security experts to view, they cover nothing but databreaches and we see posts every single day.

If you’ve got a debit card, you can go to a site like privacy.com which allows you to sign up and use virtual cards that are then charged to your debit card. Also, yyou can check with your bank to determine if they allow you to use virtual cards too.

The thing I like about this service is that each card you set up can be given a spending limit. Have a breach? Cancel that card and give the merchant a new one. No need to give out your regular card. Its protected by the fact that nobody actually has it.

What about Apple Pay? Google Pay?

Another great question. When shopping in stores, according what I heard on a recent Cyber Crime Radio program, it is recommended to use Apple Pay or Google Pay over your credit card. I’ve used my credit and debit card through apple pay, and both cards have different identifiers that are associated with your device. Its also encrypted just like the secure connection that you need to be on when doing these Transactions online.

Anything else?

Maybe I’ll ask you that question. Is there something that I’m missing that you want us to cover on the show? Is there something else you’re doing that we should know about? Sound off in the comments and let us know if we should mention it on air.

Thanks for listening! Thanks for reading! And thanks for making that difference on making sure you’re as secure as possible. Together, we can make that difference.

Comments (2)

windows 10 end of life?

Hi all.
Well today I was bored and found this article right here.
https://au.pcmag.com/security/102146/microsoft-needs-to-get-serious-about-its-windows-10-upgrade-problem

Its about win10 and its end of life.
To be honest microsoft has really shot itself in the foot with this one.
I agree with the articles authors to be honest.
Win11 had a lot of issues in the past and while some may have been fixed there are still a few popping up.
I have delt with a win11 system that I maintain every 6 months.
There are issues after a mangled office refresh.
Usually I’d just reinstall everything but its not my pc and its only a problem with legacy code so its not a huge issue necessarily.

However my dad’s new system can take 11 and he chose not to.
He was a worker in the tv transmition industry he is now a retired homemaker.
And he has no plans to move.
I have friends some who work in security and they also have no wish to move to a new system due to issues it has had in the past.
Some of these have the latest machines and can get business deals.
I hear of issues from music playback to other stuff every day.
Win10 like 7 and like xp is stable.
The likely hood I will move to win11 is not high.
I brouse the net, access the bank and paypal for things, listen to youtube videos and from time to time do work on the system.
Now I guess if it comes to it and this box breaks I will get another system.
Chances are it will have 11 and then I will use it.
Or maybe I will just load 10 on it instead and take my chances.
I have enough issues getting blind games past the av scanner anyway and I don’t handle security critical stuff 99% of the time anyway.
Also I like the desktop and with all my tweaks to get past the stupid ribbon interface and other things I am pritty much hacking and cracking my way to a compatible system I even use old icon names.
I see no reason to bother.
And especially with all my conditions.
I don’t plan to upgrade ever unless I must.
If I must, I’ll get a system that runs 11 but have a system with 10 for most things.
And I agree on the recycling thing.
With all the environmental stuff going on I do think microsoft needs to rethink windows.
Firstly I’d get rid of tpm support or allow people to run without it.
Then I’d get rid of disk encription, the home user does not need it.
Worse I have had a situation where a system had a board failure and had to pay a hacker to crack the system and get the data off it.
Do microsoft realise how much a home user can’t afford stuff like this and anyway they shouldn’t need to.
Its my opinion of course but for practical reasons win10 should be the user os and anything over that should be for businesses.
It doesn’t need the latest features it can stay static like this till microsoft die we just need a stable system and we have on for the most part.
Thoughts welcome

Comments (0)

Small admin update

Hi all.
I haven’t been updating these pages in a while though when I am physically able I do have a quick popin.
So for those that don’t keep up with my personal blog where I post my life reasonably frequently you won’t know this.
My eyes are on a downhill slope to nonexistance.
So often I am in extreme pain.
I am taking medicattion for these but well there is that.
I have also a few otther issues, itts height of elergy season now so I am suffering with this.
One thing you will notice is the final removal and update of blindvms page well at least I hope I updated it right.
Blindvms is pritty much offline unless I can get the energy or ideas to power it back up with.
It was for virtual machines and other tech, but after covid, vmware workstation, me, several users annoying me on suggestions and life in general I have sort of gone off the idea of doing a cast at least for the moment.
I may do something later but unknown if I will ever get back to it.
The sites mixcloud and anchor are still available but I have not really pushed further into that in fact I am trying to get off the console where and whenever I can.
I can’t work as long on here and its unnecessary anyway.
I have also an extended family, a nefew who I am trying to do things with and catching up with people and life outside the matrix.
I’ll be back, I’m not going anywhere, just thought I’d let everyone know I still am here is all.

Comments (0)

What are compromised credentials?

What are compromised credentials?

Compromised credentials are those who have been stolen either via a data breach, or through other means. I don’t want to say that all stolen credentials are of error by companies.

Let’s say two people agree to share a password to a site they use. Something happens, one takesadvantage and does something with the account. In my view, that becomes stolen credentials because it isn’t authorized. But I guess it technically isn’t because it was first authorized.

Fine, I could see that as a bad example. This September article has some startling numbers that might make people think whether they’re using the same password elsewhere.

It comes from from The Hacker News and is titled Are You Willing to Pay the High Cost of Compromised Credentials?

If you really want to learn what credential stuffing is, this does a good job of explaining this and other things you can do. Although it is business related, I have different passwords for my stuff, and none are the same.

Comments (0)

Older Posts »

go to sections menu

---