go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: July 2024

Go to Homepage [0], contents or to navigation menu

MalwareBytes says: Disney’s breached

We earlier blogged about whether Disney was breached. Now, it seems that it is confirmed, although the article by MalwareBytes seems to be the same in certain circumstances.

Their article is titled Disney “breached”, data dumped online so read both posts including the article from my original posting on this and report back what you think.

Comments (0)

Why do we have traffic lights and their controlers online on the Internet?

When I first read the article Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says I thought it sounded interesting until I read that a researcher was actually sent legal paperwork about their research.

Andrew Lemon, a researcher at cybersecurity firm Red Threat, published two blog posts on Thursday detailing his findings of a wider research project investigating the security of traffic controllers.

A later paragraph says:

Lemon said he tried to see if it was possible to trigger a scenario like the one shown in movies like The Italian Job, where hackers switch all lights in an intersection to green. But Lemon said he found another device called the Malfunction Management Unit prevents that scenario from happening.

“You can still make changes to the lights and the timing. So if you wanted to set the timing to be three minutes one way and three seconds the other way. Basically it’s a denial of service in the physical world, so you could clog up traffic,” said Lemon.

The company who sent paperwork says:

“We only accept vulnerability reports that relate to Q-Free products that are currently offered for sale. We do not have the resources necessary to consider analyses of outdated items,” read the copy of the letter, which appears to be signed by Steven D. Tibbets, Q-Free’s general counsel.

If that’s the case, than just tell them! This company should not be sending a legal letter, but should be up front to the researcher. They are out there to perform testing and responsibly report this to the company.

It is of course up to the company to do nothing and say that it is not valid because they don’t sell it and that customers should upgrade. That’s their right.

The copy of the letter said that the device Lemon analyzed is not for sale, and that the way he and Red Threat researched it may have been a violation of the anti-hacking law, the Computer Fraud and Abuse Act. The company did not specify how Lemon’s research could have violated the law. The letter then asked Lemon and Red Threat to commit that they would not publish details of the vulnerability because it could hurt national security.

This is the paragraph that gets me upset. As I said above, being up front would have been better than sending this.

They continue:

“We also urge Red Threat to consider the impact of publication on the security of critical infrastructure in which Q-Free devices are used. Contrary to your stated aims of improving cybersecurity, publication of vulnerabilities may encourage attacks on infrastructure and generate associated liability for Red Threat,” the letter read.

They also told Tech Crunch:

Q-Free’s spokesperson Trisha Tunilla told TechCrunch that “it is important to note that the controller in question has not been in production for nearly a decade.”

They really had no further comment on the legal letter except that it was customary.

If I were the researcher, I wouldn’t send them anything else, this is irresponsible.

They also continue:

“Our records cannot confirm that all these controllers have since been updated. However, if any of these legacy controllers are still in use, we strongly encourage customers to contact us immediately so we can provide guidance and a path forward,” Tunilla wrote in an email.

They have no fucking idea whether their controlers are upgraded? What kind of company is this! Inbventory of your assets. Have you heard of that or do you really not give a fucking shit? The researcher was trying to help your sorry asses out and this is what you right to a publication? Really?

Here is what the spokesperson wrote about the legal letter.

Regarding the letter sent by Q-Free’s general counsel, Tunilla said that “it is our standard procedure to have our legal department respond to inquiries like this.”

So get legal counsel involved and make the researcher feel bad for doing their fucking job. Great public relations.

Lemon said that during his research he also found some traffic controller devices made by Econolite exposed to the internet, and run a protocol that is potentially vulnerable.

The protocol is called NTCIP and it’s an industry standard for traffic light controllers. Lemon said that for the devices that are exposed on the internet, it is possible to change the values in the system without being logged in. Those values, he said, could control how long the lights flash, or set all the lights in an intersection to flash at the same time.

Lemon said he hasn’t reached out to Econolite as the NTCIP issues are previously known.

Sunny Chakravarty, the vice president of engineering at Econolite, confirmed this when reached for comment. Chakravarty told TechCrunch that the Econolite devices tested by Lemon have been end-of-life “for many years, and all users should replace these older controllers by appropriate newer product models.”

“Econolite strongly recommends that customers follow best practices for network security and access control for all safety-critical equipment and restrict access to such equipment on the open public internet,” said Chakravarty. “The actions on the controller performed by the author would not have been possible if the device was not exposed to the open internet.”

I wouldn’t blame the guy not to contact the company since vulns are already out there.

Read the full article, this is absolutely fucking crazy.

We have selected this as this week’s topic. Have fun with it! Just read the full article and not wjhat I quoted. There’s more.

Comments (0)

Big Global outage caused by faulty software update

Let me make this clear, I’m unclear if this is Thursday or Friday morning we’re talking about, but we do know there was an outage that caused massive issues.

At this time, I’m going to link to KNX’s article which does a great job of covering this in their own right.

They are a news agency, but I feel this is the coverage I can give you right now.

The article is titled A faulty software update causes havoc worldwide for airlines, hospitals and governments.

Let’s remember that Crowd Strike is no different than any other company. Let’s also remember that this can happen to anyone and any software company pushing updates out.

When I get to the tech press, and the article I read has more or a different view than what we have here, I’ll share it.

Be well and safe travels!

Comments (1)

Will we find out if Disney is hacked?

In an article by Graham CLULEY, comes an article that talks about a hactivist group called NullBulge. The apparent amount of data taken came from slack channels and is about 1.1TB in size.

The information taken could have come from at least 10,000 slack channels which contain messages, files, SSN data and more.

Disney will more than likely go after whoever hacked them as they have the resources to do so.

I’d say that this is preliminary, and nothing is known yet.

Feel free to read Graham’s article titled Disney hacked? NullBulge claims to have stolen 1.1 TB of data from internal Slack channels for more.

Comments (0)

Kaspersky closing U.S. operations

I recently blogged about how bad Kaspersky was treated in a move that is still unfounded in my opinion.

Even Though Kim does a great job in this coverage of the timeline of when they started selling their own software here, this article by Kim Zetter still has no basis on getting rid of the company.

I’ve always known them to be a reputable company, and I thought they might have been around as long as F-Secure, but I could have been wrong.

I really don’t feel like going on a second tyraid about this, so I’ll let Kim’s article titled Kaspersky Lab Closing U.S. Division; Laying Off Workers speak for itself.

What a shame this is for this industry.

Comments (0)

RansomHub strikes again, attacks Rite Aid

Rite Aid is a pharmacy chain but also sells other things within its stores. We used to have a location down the street from where I live, but it has since been closed.

Rite Aid

Unfortunately, or bmaybe not surprisingly, Rite Aid has been through this before.

blog post from July 2023

Like that article that is linked to from that 2023 story, Rite Aid again did not mention any particular number, although RansomHub does say its about 43 million.

Also, according to this article, this attack came in June, and they have since restored their systems.

RansomHub Rite Aid leak

According to the general description we get from picture Smart from Jaws, a screen reader for people who are blind, it says:

The image shows a status update for the website “www.riteaid.com”. There is a countdown timer in red displaying “13D 21h 39m 39s”. Below the timer, it lists the number of visits as 49, the data size as 10 GB, and the last view date and time as “07-12 14:19:51”. At the bottom, there is a date and time, “2024-07-11 04:13:07”.

The give more detail is about the same for both models

We don’t believe that the same info is leaked, but the article does say that there is a lot of data that they could release as RansomHub has done in the past, to the highest bidder.

For full details, please read the article titled Rite Aid confirms data breach after June ransomware attack so you are educated on what’s going on.

Stay safe!

Comments (0)

Cybernews reports: AT&T paid hackers to delete data

This is a double edge sword, right? You’re damned if you do and you’re damned if you don’t.
I understand the side where you pay to delete data because it looks bad for your company that you fucked up. But on the other hand, the hackers could come back for more.

As we’ve learned, AT&T was hacked as part of at least 150 companies including Ticket Master and others previously covered within this blog and other media coverage around the web.

With that said, AT&T can now be double extored if not more extorted because they know they have the money to pay to supposedly delete the data.

We know from experience that we can’t trust these stupid fucks who decide that this is their mission to fuck with as many companies as they can; whether small companies, or large.

The hacker supposedly provided video evidence showing that the stolen data had been deleted, according to Wired’s latest report.

Really? We know its not completely deleted if you run a program that could recover deleted items. Back in the day, Norton had such a program where I was able to recover files I’ve accidently deleted but weren’t in the recycle bin. Don’t let this paragraph fool anyone! To permanently delete data, you must run a program that overwrites the portion of the drive that had it in the first place.

The company communicated through another hacker known as Reddington, who represented a threat actor from the hacking gang ShinyHunters.

Reddington alleges that the video evidence provided by the hacker shows that the only copy of AT&T’s stolen data has been deleted.

This isn’t the first run in with the threat actor known as Shiny Hunters.

On May 17th, 2024, The company paid 5.7 Bitcoin, which was $373,646, Wired confirmed the transaction through an online blockchain tracking tool.


Former NSA hacker Jake Williams has a hard time blaming Snowflake for the breaches.

“They had to balance customer adoption with ease of use and didn’t force users to employ stronger security settings. But those more secure configuration options were available. This is akin to a car in the 80s that had seat belts but no alarm for unbuckling. If the manufacturer provided a safety option you chose not to use and you get hurt, whose fault is it?,” Williams said.

To read the entire article, please read Cybernews and their coverage titled AT&T pays threat actor $370,000 to delete stolen data – media and stay safe!

Let us know what you think.

Comments (0)

Here are some thoughts from someone on Mastodon about the recent AT&T breach

We have already blogged the article linked within, but this post that I’m about to share here is of importance.

Lots of coverage of the AT&T breach will be out there, and while this leads to the tech crunch article I was initially sent on Friday, we’re reposting here with the thoughts of someone who was talked to.

BrianKrebs: Boosting racheltobac :verified: (racheltobac): Let’s breakdown how the AT&T breach will impact us at home and at work and what we can do to protect ourselves.

The AT&T breach includes numbers called and texted, the number of call and text interactions, the call length, and some people had cell site identification numbers leaked (which leaks the approximate location of person at the time that the call or text was placed).

How does this breach increase risk for us at home and at work?

1. Social Engineering Risk
The believability of social engineering attacks will increase for those affected because attackers know which phone numbers to spoof to you.
Attackers can pretend to be a boss, friend, cousin, nephew etc and say they need money, password, access, or data with a higher degree of confidence that their impersonation will be believable.

2. Threaten, Extort, & Harm Risk
This stolen data can reveal where someone lives, works, spends their free time, who they communicate with in secret including affairs, any crime based communication, or typical private/sensitive conversations that require secrecy. This is a big deal for anyone affected.

For celebrities and politicians, this information getting leaked greatly affects their privacy, physical safety, sensitive work, potentially even national security because the criminals have a record of who is in contact with whom, when and sometimes where.
The criminals could extort those people who are trying to keep that information (rightly) private, they could threaten their physical safety at the locations revealed in the metadata, they could pretend to be the people they called and texted often and ask for money, sensitive details, and increase the likelihood of successfully tricking that victim.

For those experiencing abuse or harassment, the impact of this breach is terrifying for their physical security and beyond as they need to keep their communications private to those that can help them get out of their abusive situation.

3. Increased Believable Phishing Attacks via Call, Email, Text, and Social Media Risk

If a criminal knows your phone number has regularly called a phone number belonging to a specific Bank, Doctor’s Office, Government Office, etc then they know exactly who to pretend to be when contacting you and attempting to trick you.

For example, the criminal could pretend to be the bank that you interact with, spoof the bank phone number with an app from the app store, and say there is a problem with your account and suggest money is transferred to “protect the account” (a common scam), or could “help change a password” (another common scam) to gain access to the account and drain the funds.

In short, if a criminal knows WHO you interact with — then they know WHO TO PRETEND TO BE to be when they try to trick you in a phishing phone call, email, text message, or social media direct message.

When criminals impersonate people or organizations that are trusted by their victim, the criminal is more successful in their attack.

4. Link Sensitive Political, Business, and Interpersonal Interactions Risk

When a criminal has a list of which phone numbers interact with whom, they are able to link sensitive interactions, communications, deals, crime, etc together.

This will impact those in national security, defense, policy, government officials, celebrities, politicians, everyone whose privacy is affected here.

Because phone numbers are linked to people’s names and jobs via data brokerage sites, data breaches, LinkedIn, etc it’s easy for criminals to start to associate phone numbers in the breach to people those victims have communicated with.

This of course creates risk for anyone in sensitive communication with other government officials, can leak sensitive business deal communications and timing, leak someone’s potential involvement in a sensitive situation, etc.

*So, what can I do to keep myself, my family, and my organization safe and secure in the wake of this massive breach?*

– Be Politely Paranoid: recognize that your contacts and phone/text message interactions could be publicly available and increase the risk of social engineering, phishing, etc. Use 2 methods of communication to confirm people are who they say they are before sending money, sharing sensitive data, etc.

– Stop Reusing Passwords: if criminals know who we trust then they are able to pretend to be those people or companies to us, increasing phishing believability (when the criminal knows which bank we use, their phish is more relevant). Using a long, random, and unique password for each account helps ensure that you protect your accounts, even if one gets hacked/tricked out of you due to this breach.
Additionally, criminals can look up which companies we contact and trust from this breach then look up our phone number in other data breaches to gather passwords breached previously then use those stolen & reused passwords against current accounts to steal data/money without ever needing to phish folks in the first place.

– Turn on MFA (Multi-Factor Authentication): communications and companies we trust are less private now because of this breach so we need to protect our accounts with a second factor when logging in even more. This ensures the criminals can’t just find or phish passwords then gain access to take over the account immediately — I recommend app based MFA at the very least for many high threat model folks. If your family has lower comfortability for added technology, SMS 2FA is much better than nothing. If your threat model is extra high (in the public eye, etc): move toward a FIDO solution like YubiKey, etc.

– Use Encrypted Communications: encrypted communication help us avoid this specific type of data leakage in the future. There are many encrypted communication options including Signal, etc. Choose the one that is right for you.

Thank you @lorenzofb @techcrunch for chatting with me about how this breach impacts risk for everyday folks, celebrities, politicians, and more: https://techcrunch.com/2024/07/12/what-the-att-call-records-data-breach-means-for-you/

If you want the original article that I read from Tech Crunch: here you go.

Items 1-3 will be more for us than item 4, but all should be read as I have no idea who is reading this blog and may not be aware of the discussion around this breach.

If you want my blog post, just use the link and read what I have to say as I take apart the article.

There’s a lot here at steak, and this goes more than just one phone carrier to another. This … is huge. I’m happy to share what we can do to protect ourselves and this post here I think is worth sharing.

Comments (0)

X is now calling for criminal prosecution of its ad boycot perpetrators

Since I’m not a lawyer, I can’t speak to whether this will be successful or not. But reading this article carefully, it seems like there’s no case here.

I personally believe that the advertisers had every right to back out of advertising on the platform and that there’s nothing here.

Elon Musk calls for “criminal prosecution” of X ad boycott perpetrators is the article.

I’ll have to let it tell the story, amd we’ll let you guys tell me what you think.

Comments (0)

Today on the Throwback Saturday Night program

This week, we’re going to play the timeline article dealing with Luries and their fiasco.

Then, what major phone carrier is now part of the breach tthat we’ve been talking about that has been so ignorant to say they didn’t have anyproblems bu reset passwords anyway?

Which Kingpin who has been around with banking trojans before they became part of ransomware was recently picked up after a decade at least on the run?

What type of platform was hijacked thanks to DNS Hijacking and what is DNS hijacking?

What type of oil was fake and a million dollars of it was picked up and possibly sent through spam to get people to buy?

What major spyware company just got pilfered again?

All of these questions will be answered today as part of throwback, the independent channel, starting at 6 PT, 8 CT for the security stuff.

The Independent channel 6 PT, 8 CT for the security hour. 5 PT for throwback’s music section.

Comments (0)

Natorious Kingpin, your game is over with Zeus and your criminal empire: pay up!

This has got to be one of the biggest stories out there. Its a wired story which was tooted out through Mastodon and a great one at that.

Here is some of what I want to highlight about this article.

For more than a decade, Vyacheslav Igorevich Penchukov—a Ukrainian who used the online hacker name “Tank”—managed to evade cops. When FBI and Ukrainian officials raided his Donetsk apartment in 2010, the place was deserted and Penchukov had vanished. But the criminal spree came to a juddering halt at the end of 2022, when he traveled to Switzerland, was arrested, then was extradited to the United States.

Today, at a US federal court in Lincoln, Nebraska, a judge sentenced Penchukov to two concurrent nine-year sentences, after he pleaded guilty to two charges of conspiracy to participate in racketeering and a conspiracy to commit wire fraud. United States District Judge John M. Gerrard also ordered Penchukov to pay more than $73 million, according to court records. The court also ordered three years of supervised release for each count and said they should run concurrently.

Both charges carried a maximum sentence of up to 20 years each. According to court documents, however, the US government and Penchukov’s lawyers both requested a less severe sentence following him signing a plea agreement in February. It is unclear what the terms of the plea deal include. At the time, documents show, Penchukov could also face having to repay up to $70 million—less than the combined amount he’s ordered to pay in restitution and forfeited funds. “I understand this, but I don’t have such amounts of money,” he said in court earlier this year.

Ahead of the sentencing, the Department of Justice refused to comment on the case, and the FBI and Penchukov’s lawyers did not respond to WIRED’s requests for comment.

When the Ukrainian pleaded guilty in February—a number of charges were dropped following him signing the plea agreement—he admitted to being one of the leaders of the Jabber Zeus hacking group, starting in 2009, that used the Zeus malware to infect computers and steal people’s bank account information. The group used the details to log in to accounts, withdraw money, and then send it to various money mules—stealing tens of millions from small US and European businesses.

“The defendant played a crucial role, a leadership role, in this scheme by directing and coordinating the exchange of stolen banking credentials and money mules,” prosecutors said in court earlier this year. They would steal thousands from victim companies, often draining their accounts.

Penchukov, who was also a well-known DJ in Ukraine, also admitted to a key role organizing the IcedID (also known Bokbot) malware, which collected the victim’s financial details and allowed ransomware to be deployed on systems. He was involved from November 2018 to at least February 2021, officials say. Investigators found he kept a spreadsheet detailing the $19.9 million income IcedID made in 2021.

The Zeus malware, linked to FBI-wanted Russian Evgeniy Bogachev, first appeared online around the end of 2006 and in part used keyloggers to steal people’s banking information when they entered it online. The cybercriminals would log into accounts and send money to people acting as mules, who would cash out the funds. “It was just a really big jump in capabilities,” Keith Jarvis, a senior researcher at cybersecurity company Secureworks, says of the Zeus malware. “The volume of it was so out of control, and the banks didn’t have a really good handle on it.”

Operation Trident Breach collared more than 50 people around the world in September 2010—with some members later being sentenced—but Penchukov wasn’t one of them. “It was quite obvious that Tank was tipped off,” Craig says. “There was no sign of him, and it was quite clean. You could definitely tell no one had been there a few days,” Craig recounts of the raid on Penchukov’s apartment. As detailed by MIT Technology Review, officials suspected corruption and family connections to high-level Ukrainian officials. Plus Russian investigators involved in the case “ghosted” other officials on the day the arrest was due to take place.

Since the Zeus gang were at their height, their particular brand of bank fraud—directly accessing victims accounts and moving money from them—has declined in prominence. Ransomware and data extortion, using cryptocurrency to launder money, has become the primary tactic of Russia-linked cybercriminals, earning them more than $1.1 billion in 2023.

This is some of the article as I wantedd to highlight.

As it shows, the shdow is right and crime will not pay. To read the entire piece by wired, Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison will be your article.

Here’s the boost that I saw.

Selena Larson: Boosting Patrick Howell O’Neill (howelloneill): There are like six of us who closely watch everything that happens to Tank but for us six this is pretty big https://www.wired.com/story/vyacheslav-igorevich-penchukov-tank-zeus-malware-sentencing/

The thing I don’t think I quoted in here is something I find hard to believe. The suspect says he doesn’t have the money to pay, but yet, why did he do it to begin with? The U.S. doesn’t play when you fuck with people and steal their money.

Maybe he needs the stupid fuck award, and I’m ready to give it.

Comments (0)

Crypto platforms hijacked by DNS hijacks

DNS Hijacking is when someone gains access to your domain and points it somewhere else.

Apparently, Google has not yet turned on the ability for domains not to be transfered which is usually on by default or can be turned on.

Two factor was also disabled during the transition period.

Seems as though Squarespace hasn’t done anything about these issues but they can help get the domains back up and running on their platform.

Since I’m not versed on the crypto aspect, I’ll leave it to someone else to comment on that.

DNS hijacks target crypto platforms registered with Squarespace is the article here.

Comments (0)

fake olive oil no longer for sale

I saw this article from CTV and I thought about how I could cover something like this.

Remember that in the early days, we would get spam for fake product, and while this article doesn’t state that anything was sold, I could see the perpetrators deciding to use technology to try and sell the merchandice that they were packaging.

Some of the merch was ready to go.

Read this excellent article in regards to this breakup. Italian authorities confiscate almost US$1 million in fake olive oil is the article.

Thanks Stephanie for sending this along.

Comments (0)

Now its time to guess, who is next in the snowflake fiasco?

Hello folks,

What big name company, whose second breach this year is now part of snowflake?

If you happened to guess AT&T, you’re correct.

The person who assists me sent me this article this morning, and its titled AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach.

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said.

AT&T said the stolen data “does not contain the content of calls or texts,” but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer’s calls and texts, and call durations — information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.

In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.

AT&T said it learned of the data breach on April 19, and that it was unrelated to its earlier security incident in March.

Snowflake allows its corporate customers, like tech companies and telcos, to analyze huge amounts of customer data in the cloud. It’s not clear for what reason AT&T was storing customer data in Snowflake, and the spokesperson would not say.

AT&T is the latest company in recent weeks to confirm it had data stolen from Snowflake, following Ticketmaster and LendingTree subsidiary QuoteWizard, and others.

We know Snowflake has not been forthcoming when it comes to the fact that they had a problem.

Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use.

They’ve been saying this ever since we’ve been covering this fiasco, and they’re still saying it? WTF is wrong with this company? While I remember reading they started enforcing two-factor after the fact, the damage is now coming to life.

AT&T’s statement said it was working with law enforcement to arrest the cybercriminals involved in the breach. AT&T said that “at least one person has been apprehended.” AT&T’s spokesperson said that the arrested individual was not an AT&T employee, but deferred questions about the alleged criminals to the FBI.

An FBI spokesperson confirmed to TechCrunch on Friday that after the phone giant contacted the agency to report the breach, AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing “potential risks to national security and/or public safety.”

While I took portions of the article to give you some details, this is not the full article.

We can quote portions like this, but we can not write the article and call it our own. Find the article linked above and read the entire thing if you’re an AT&T customer. Its vital that you do!

Have fun with this one!

Comments (0)

mSpy gets pilfered again, this time, through Zendesk

Zendesk is a piece of software used in lots of companies that do technical support. It is a web based piece of software that can be installed through a web host control panel.

MSpy has been in the news because of its supposed software, and this article talks about the supposed company behind the whole operation.

The amount of data taken from Zendesk only affects this company and millions of customers.

Instead of me taking this apart, I want people to read this and comment through the comment boards.

Data breach exposes millions of mSpy spyware customers is the name of this article.

Have fun.

Comments (0)

Fujitsu confirms breach, unknown persons at risk

While the bleeping computer article indicates that the attack was not ransomware, it does say that 49 computers were affected by this intrusion and that they contained it upon noticing the issue.

While not ransomware, the piece of malware detected claims to have copied files, how many we don’t know.

list of 1 items
Print article
list end
is the article needing to be read.

Comments (0)

The Security box, podcast 199: Don’t be Blinded by Snowblind

Hello folks, what a show we had! The RSS feed has gotten a copy of the show, and we’re back to our 3-4 hours for affiiates.

We realize that some shows have been over 4 hours lately, and we’ve recently added an option to the independent channel’s schedule to play the full program after our sister show, Throwback Saturday Night and its security hour segment which may go over.

With that said, we want people to listen at their own time, so we also have every show on EMHS’s TSB directory page.

Here is the link to go to the directory for those who want it.

Here is the 168mb file

Now, without any further ado, let’s talk to you about the show notes by presenting them below. Remember our 200th episode next week!

Hello folks, welcome to the security box. On this edition of the podcast, we’re going to talk about something called Snowblind. We also have news, notes, te landscape; and something I heard via a podcast that we can discuss in regards to scams. We also have a laugh that might have you laughing as well. We hope you enjoy the program!

How about a laugh

We have a good one that we will read. Its not necessarily tech related, but worth the share. We even have a comment on it by Shaun. Here’s the link to the blog post. I hope you enjoy!

Don’t be Blinded by Snowblind

Our topic this week comes to us from Bleeping Computer Here’s my blog post and here is the article we’ll be taking from.

We hope you enjoy the program!

Comments (0)

Did you know there was a dark web monitoring tool by Google?

I spotted this article yesterday, but i got a chance to read it today. Its very vague, and it only says that we will be able to use it for free starting this month.

I didn’t know anything about Google One, so this was news to me.

While ZD Net talks about the basic functionality of what this is, I feel that we should get the word out about this and if we hear anything else, we’ll make sure to come back with any updates.

Google’s dark web monitoring service will soon be free for all users – here’s how to use it

Comments (0)

A new book for NVDA

I just spotted this one on Mastodon and thought people might find it of value. New users and old users alike of NVDA might want to look at this.

Darren Duff: Boosting David Goldfield (DavidGoldfield): Newly Added to BARD From NLS
Basic training for NVDA DB118858
NV Access. Reading time: 5 hours, 53 minutes.
Read by Mark Ashby.

Careers and Job Training

“The Basic Training for NVDA eBook is the first module in the official set of training materials for learning to use the free NVDA screen reader. This eBook is suitable for the new and existing user wishing to improve proficiency. Topics covered include: Getting started with NVDA and Windows, basic configuration, writing and editing text, document formatting, file management, multi-tasking, browsing the web, using the review cursor and object navigation.” — Provided by publisher.

I’ve not read this, so I can’t comment any further. If you read this, how was it?

Passing resources like this along is what we try to do here.

Let us know what you think.

Comments (0)

TikTok Mob attacks now? Time for TikTok to go

Middle schoolers should be punished in some way by what they’ve done. The article goes in to detail on what some have done, and this is not good.

As stated, cyberbullying has lasting consequences and it doesn’t matter how its done.

According to The Times, the Great Valley Middle School students created at least 22 fake accounts impersonating about 20 teachers in offensive ways. The fake accounts portrayed long-time, dedicated teachers sharing “pedophilia innuendo, racist memes,” and homophobic posts, as well as posts fabricating “sexual hookups among teachers.”

The Pennsylvania middle school’s principal, Edward Souders, told parents in an email that the number of students creating the fake accounts was likely “small,” but that hundreds of students piled on, leaving comments and following the fake accounts. Other students responsibly rushed to report the misconduct, though, Souders said.

Some students claimed that the group attack was a joke that went too far. Certain accounts impersonating teachers made benign posts, The Times reported, but other accounts risked harming respected teachers’ reputations. When creating fake accounts, students sometimes used family photos that teachers had brought into their classrooms or scoured the Internet for photos shared online.

I want to comment on this last paragraph in the set of quoted material.

Some students claimed that the group attack was a joke that went too far. Certain accounts impersonating teachers made benign posts, The Times reported, but other accounts risked harming respected teachers’ reputations. When creating fake accounts, students sometimes used family photos that teachers had brought into their classrooms or scoured the Internet for photos shared online.

What joke? Taking photos, saying a bunch of crap that wasn’t true and causing harm is a joke now? Fuck you!

Following The Times’ reporting, the superintendent of the Great Valley School District (GVSD), Daniel Goffredo, posted a message to the community describing the impact on teachers as “profound.” One teacher told The Times that she felt “kicked in the stomach” by the students’ “savage” behavior, while another accused students of slander and character assassination. Both were portrayed in fake posts with pedophilia innuendo.

Goffredo confirmed that the school district had explored legal responses to the group attack. But ultimately the district found that they were “limited” because “courts generally protect students’ rights to off-campus free speech, including parodying or disparaging educators online—unless the students’ posts threaten others or disrupt school,” The Times reported.

While Goffredo said teachers had few options to fight back, he also told parents in an email that the district is “committed to working with law enforcement to support teachers who may pursue legal action.”

“I reiterate my disappointment and sadness that our students’ behavior has caused such duress for our staff,” Goffredo’s message to the community said. “Seeing GVSD in such a prominent place in the news for behavior like this is also disheartening.”

There’s plenty more, and I bet TikTok will say absolutely nothing about this crap as they usually do.

Its time for them to be shut down. You don’t see shit like this on other platforms.

First-known TikTok mob attack led by middle schoolers tormenting teachers is the article.

Comments (0)

Older Posts »

go to sections menu

navigation menu

go to sections menu