The Technology blog and podcast

Commentary, articles, and podcasts

Civil problems for companies that can’t talk about breaches?

OK, so I recently read a back-dated article titled US gov’t will slap contractors with civil lawsuits for hiding breaches which was posted on Ars Technica.

As I’ve written in news notes, I don’t feel that companies like Colonial Pipeline and JBS Foods willingly put our lives and potential data at risk. I feel that the company who failed to patch their software in a timely manner that led to a breach is more of the problem.

I think this article should be read and discussed, as it could bring a much needed change for all of us when it comes to knowing what is going on. I know I’ve got questions that may or may not be answered.

The good news is that companies will be dealt with civilly, not criminally, at least when dealing with the government problems, but is that the issue? Let’s discuss.

There’s more, read the article for more.


NCSAM post 10: Use Android? Your phone may be handing over data, with no choice to discontinue it

I have two post 8’s, the last 8 should be 9, but I’m not changing it now. Here’s something in regards to Android, and I think I’m going to put this as an NCSAM article for today.

Hello folks. Welcome to another post here on the blog. Today, we’re going to talk about Android. Apparently, there’s a study that says that a phone that is minimally set up for service is sending tons of information to various companies like Microsoft and Facebook.

I worry about this as with iOS, you need to give permission to have apps access data, although I’ve heard in rooms that data is being sent to Apple without our knowledge as well. I’d rather trust Apple, as they’ve been known not to do what other companies have done.

The researchers intercepted and analyzed the data that was sent by the Android OS including the pre-installed system apps that we previously mentioned. The study assumes a situation where the device owner doesn’t enable his phone to share data but uses the default settings for everything else. The research team printed a chart that shows the data collected by each of the Android OS variants.

Here’s something else.

All of the companies whose Android OS variants were tracked shared information that can help identify a particular mobile device such as a handset’s unique IMEI number. This data is transmitted along with data that the user can reset such as advertising IDs. But since the data is sent as a pair, resetting the advertising ID won’t help the user since his device will always link to its IMEI identifier.

While I will be putting this as part of news notes, I’m wanting people to read the entire article Some versions of Android share users’ personal data with no chance to opt-out from Phone Arena to learn all of the details on what three well-known companies are doing at least with their stock versions of Android.

Sound off in the comments.


Coinbase gets an influx of users

Sometimes, sites get an influx of users, whether it was the mass exodus from WhatsApp when Facebook went down for 6 hours, phishing for credentials and being successful at it, or any other means that might have this happen to a site.

Today, we’re going to talk about a very interesting article that we’ve put into our first item for news notes for Wednesday. It is a Krebs On Security article titled How Coinbase Phishers Steal One-Time Passwords.

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com — was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

After poking around the phishing site, there is a panel that will notify the actors when their victims enter credentials onto the site. Also, according to the article, they can push a button in real time that asks the victim for more information. Sounds scary and like something in a movie, but yet, it’s starting to happen.

Pressing the “Send Info” button prompted visitors to supply additional personal information, including their name, date of birth, and street address. Armed with the target’s mobile number, they could also click “Send verification SMS” with a text message prompting them to text back a one-time code.

That puts another meaning into two-step verification, yet they’re taking advantage of this by pushing buttons in real time.

I took a look at Coinbase’s web site before writing up the notes for it, and I must say, it offers a bunch of info about cryptocurrency and various types of it to boot. I had no idea there were hundreds of cryptocurrencies. I knew about Bitcoin, Litecoin, and Ethereum and possibly a few others, but I saw some that I’ve never heard of.

Luckily, this campaign is not targeting the United States as of yet, signing up several million Italians first, says the article.

There’s plenty more I can quote and talk about, but I think you should read through to see all of the details. This is one that people should at least glance at, in case their favorite site may have this problem. It’s definitely new and clever.


Windows update, it’s time to update again

It’s time to figure out when a good time to update will be. Windows had its update and as usual, our two major sources posted articles. Have you found a good time to update?

Trend Micro indicates that 11 of the 71 updates were submitted through the ZDI program. Only three of the patches were rated critical.

Krebs, on the other hand, covers the gamut of updates from Apple’s 15.0.2 to Adobe and even Windows, and the myriad of CVEs that are linked within both articles.


NCSAM post 8: Verizon is getting phished now

Verizon customers, not the company, are getting phished now. Verizon subscribers are the target of a phishing expedition; do not respond to this text message comes to us from Phone Arena.

The same day the Security Box was to air, I had signed up for a webinar dealing with 5 Things You Need To Know About Ransomware Before It’s Too Late begins in 1 hour – October 13, 2021 at 02:00 PM EDT. You may view and sign up for the web cast as the replay is available.

I bring this up in this post because one of the things, even though it talks about ransomware, is that Phishing and Social Engineering are the steps that actors can take when it comes to getting information.

The article reminds us of the T-Mobile breach and what is going on there, but then goes on to say that Verizon customers may be getting similar things.

First of all, most Verizon subscribers have already paid their September bill so while it might seem that the text must be from Verizon since it knew that you paid last month’s invoice, as a Verizon customer this writer can tell you that the nation’s largest carrier doesn’t offer you a gift just for making your payment on time; heck, Verizon won’t send you a gift for paying your bill earlier than the due date. 

As I said in a previous post, I’ve seen messages identifying me by name, and telling me Thanks for paying my bill and offering me a prize too. That post talking about the T-Mobile breach phishing expedition should be read too, as these two posts are related.

It would not surprise me if any of the other carriers around the country will be hit with actors doing the same thing.

You don’t need a smartphone for this, even flip phones with web capability could be used, as no application is ever downloaded. How do I know this? I’ve looked at these URLs, and the prior post talks about what I’ve seen.

I’ll say that the paragraph I am quoting is specific to Verizon, I am not sure if it applies to T-Mobile or AT&T customers. That paragraph says:

With this information, you could lose control of your Verizon account while the bad actor changes the address, password, and other information. Once that is accomplished, this criminal orders expensive new phones that you’ll be paying for. The devices get sent to your account’s new address which is controlled by the crook.

I think the advice should be followed where it says that if you receive a questionable text, call the carrier to confirm things. Since I’ve seen how AT&T sends me free text messages, I know that there is a short code. The Verizon article linked here gives the short code to forward these bogus messages to. Please make sure you read both this article I link to here on this post, and the prior one for T-Mobile along with its accompanying article.

This seems to be a hot commodity right now, and this post is post 8, although both this and the prior post have the NCSAM tag I have on the blog.

This is valuable information. Please be aware of what is going on and stay safe. Know how your phone carrier sends you text messages so you’re aware of what might lie ahead.

Thanks so much for reading!


Haven’t updated to 15.0.2? Better think about it

In an earlier blog post, I linked to AppleVis and their coverage of iOS, iPad and watch updates. This Phone Arena article titled Apple wants you to install iOS 15.0.2, iPadOS 15.0.2 and watchOS 8.0.1 ASAP goes into more detail on this and even talks about 15.1.

You can read all of the details by clicking through to the article. Keep safe!


Are you a T-Mobile customer? Better pay attention to this

In a batch of stuff that came from Michael in Tennessee, this one may be a little bit outdated but worth sharing anyway.

I’ve written T-Mobile as tmobile at times, and I think that needs to change. The reason is going to be clear when you read T-Mobile customers are receiving spam texts possibly related to August’s data breach which comes from Phone Arena.

The article covers the fact that actors are going around sending text messages apologizing for an outage that may or may not have recently occurred.

A portion of a paragraph says:

The text continues by noting that the person receiving it was “one of the 25,000 affected clients” belonging to the nation’s second-largest carrier. The bogus message goes on to ask recipients of the text to take a 30-second survey about T-Mobile (note in the image how the company’s name was written as Tmobile, something that the wireless provider would never do) in return for a free gift valued at $100.

Also, another paragraph states:

Pressing the link takes you to a new page where at the bottom, the truth is finally revealed. Reading the small print reveals the information that the company behind the survey is a marketing website that is not “affiliated” with T-Mobile. On that page is a button that says “Accept.” Don’t press it even if you feel pressured by the countdown timer on the page. And note that the October 1st deadline has already passed.

I’ve seen similar messages from various area codes about my payment being processed and that I get a free gift. Looking at the link took me to a page where I got to pay a $2 processing fee. Pressing the button on that page takes me yet to another domain where it asks for personal information including number if I remember right.

I’ve also seen these URLs and they are not AT&T’s domain or any domain they claim to be. It’s quite weird if you ask me.

Just be aware of this, know what’s out there, and make sure you check those URL links if you do press the link.


NCSAM post 8: Phishing Tips to keep you safe online

This week seems to be a Phishing week. No, no, I’m not sending any phishing e-mails, but the topic of Phishing has been on everyone’s mind. I recently was on one of our Internet Radio channel’s shows talking about the landscape with folks on Teamtalk and Phishing was a topic there too.

I’ll be on that same program again this week, where we’ll go through the landscape again with the group. Not only am I doing that, but we also have a phishing article from Lastpass that we’re going to bring to everyone’s attention as well.

This time, Lastpass has the article Phishing Tips to Keep You Secure From Scams which I’ve been thinking about lately as well.

While I have an NCSAM topic for this week’s box, I don’t want to give anything a passup if I can help it, so we’ll blog this one.

Here are the tips which are headings in their article.

  • Carefully review messages from all channels
  • Make a habit of double-checking a sender’s email address
  • Trust your intuition
  • Your password manager can help you identify phishing sites
  • Be cautious of blindly accepting multi-factor authentication (MFA) prompts

All are good in their own right, but I definitely have been trying to encourage people to check those email addresses! Since Phishing can still be coming by email, and now there are more URL shorteners than the one I like we’ve mentioned, spotting email addresses as well as checking those links is important.

Trust your gut! If you think there’s something wrong, place a call to the company if you do business with them or delete that email or don’t respond to that direct message on social media!

If you have decided to use a password manager, if programmed correctly, the password manager should make sure that you are protected. When you save a password, it should capture the appropriate domain as well as your username and password. So, if you had an account on this blog and someone made a similar blog saying that you were on the technology blog and podcast, it knows what URL is the original by that name because it saves this blog.
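To show what "it knows what URL is the original" means in practice, here is an added example (not code from the blog or from LastPass) of the host check a password manager makes before offering saved credentials. The vault entry and all host names are constructed; matching on the saved host rather than a public-suffix list is a simplification of this example. A lookalike built the way the Coinbase phishing domain was, the real name placed as a subdomain of someone else's domain, never matches.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed vault. Each entry is keyed by the host the credential was saved
# on; that saved host, not how the page looks, decides whether autofill happens.
VAULT: Dict[str, Dict[str, str]] = {
    "technology-blog.example": {"username": "reader", "password": "correct horse battery"},
}


def host_of(url: str) -> Optional[str]:
    """Return the normalized host of an https URL, or None if the page is not https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    # urlsplit already lowercases .hostname; drop a trailing dot (FQDN form).
    return parts.hostname.rstrip(".")


def matching_entry(url: str) -> Optional[Dict[str, str]]:
    """Credentials to offer for `url`, or None when no saved host matches.

    A match is the saved host itself or a subdomain of it (login.<saved host>).
    Assumption of this example: the saved host stands in for the registrable
    domain that a real manager would derive from a public-suffix list.
    """
    host = host_of(url)
    if host is None:
        return None
    for saved_host, creds in VAULT.items():
        if host == saved_host or host.endswith("." + saved_host):
            return creds
    return None


def autofill_decisions(urls) -> Dict[str, bool]:
    """Map each candidate URL to True (offer credentials) or False (refuse)."""
    return {u: matching_entry(u) is not None for u in urls}


if __name__ == "__main__":
    # Constructed candidates: the saved site, a subdomain of it, and three lookalikes.
    decisions = autofill_decisions([
        "https://technology-blog.example/login",
        "https://login.technology-blog.example/",
        "https://technology-blog.example.password-reset.example/",  # real name as a subdomain elsewhere
        "https://technology-b1og.example/",                         # character swap
        "http://technology-blog.example/",                          # plain http: refuse as well
    ])
    for url, fill in decisions.items():
        print("fill  " if fill else "refuse", url)
```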

I had that issue with Michael in Tennessee’s blog. I thought I was going to his blog, yet it didn’t fill in my creds. I later looked at the URL I was going to, and it was completely different, and it didn’t let me log in even if I copied my creds from Lastpass or any other password manager I use.

I’ve not accepted any authentication requests as I’ve not gotten any. But when I do, it’s because I’m logging in to a site and need access to my app.

When I had Facebook log in problems, I got texted and emailed by Facebook, and while the emails were sent at night, I went to Facebook’s site to confirm what was going on even though it identified me by full name.

Is there anything else that caught your attention on this article? Sound off in the article comments here on the blog, or better yet, subscribe to the TSB list by searching for the post on this blog on how to do that, or contact me for instructions.

Each heading which is listed above has paragraphs from Lastpass, but I decided to make my own and talked about what interested me about these headings. Feel free to read what they have to say, as it’s valuable information too. Some stuff may be linked as well, giving you more resources.

Stay safe! We’ve got a long way to go.


NCSAM post 7: Insider threats, here’s a true story

Hello folks,

Ever think that an insider threat can’t occur? We know by word of mouth that AT&T had a breach that apparently was an insider threat, but now, we’ve got an article that says that there was a definite insider threat.

The article Former TD Bank, Bank of America employee allegedly helped email scammers launder money comes from Cyberscoop.

Three people were involved in this case and it was very well orchestrated.

An accused money launderer allegedly used his position as an employee at Bank of America and TD Bank to aid an email fraud scheme that scammed five businesses out of more than $1 million.

The U.S. Department of Justice announced Thursday that a grand jury had returned an indictment against three men — Onyewuchi Ibeh, Jason Joyner and Mouaaz Elkhebri — charging them with money laundering and aggravated identity theft. The defendants allegedly operated a business email compromise scheme, in which thieves pose as a business or associate in an email then ask a victim to wire up to hundreds of thousands of dollars at a time.

These are the first two paragraphs. Lots of links and even a link to their many articles tagged BEC which this could definitely qualify as BEC with all of the money taken.

There is plenty of linked content here as well as plenty more on the case. Feel free to check this one out.


A company that has been hacked for 5 years? Is This Crazy?

I thought this story about a routing company being hacked for 5 years was quite crazy, but yet, that’s what it talks about. I know that a breach can take up to 191 days to be discovered, but this hack was from 2016 to 2021 when it was discovered.

My question is, how is this possible? I think this is the first I’ve heard of this.

The article is titled Company that routes SMS for all major US carriers was hacked for five years and our good buddy Michael posted this to our TSB list. This is absolutely crazy and I hope they come out and tell us whether SMS was affected by this hack. People can send anything through SMS, and this is going to get interesting if sensitive info were to be given out or leaked somehow as part of this whole mess. Better check this one out, we all need to watch this one.


Apple releases updates yesterday

Late last night, I saw two posts in regards to Apple updates. Both of these come from AppleVis.

That’s it. These are the updates for now. Thanks for reading!


The EFF is announcing deprecation of their plugin HTTPS Everywhere

Hello everyone, welcome to another blog post here on the blog. Today, I’m doing some news notes, and while some may be here, others may not. Today, in this post, the EFF is announcing that their HTTPS Everywhere plugin will be discontinued (deprecated) in 2022, so you have time.

We know that the web is going full https, and I announced in June that we were running on full SSL redirect. That blog post talks about and links to a video of someone at the company talking about how to do this. There may be other instructions for other control panels out there, feel free to check it out.

While the browsers are updating now on a regular basis if turned on which mine is by default, maybe we should have it disabled earlier than that? I know the article Electronic Frontier Foundation will deprecate HTTPS Everywhere plugin has the details on why this may not be the case, and links to other sources of interest and backstory.

Do you think the deprecation should happen sooner, or do you think 2022 is reasonable? Let’s discuss! There’s no wrong answer here.


NCSAM post 6: Scam apps on the Android store

So … I guess we shouldn’t be surprised in regards to the fact that scam applications are now being talked about in the realm of the Android ecosystem. Problem is, we can’t rule out any potentials in the iOS ecosystem as these types of things can be sneaky and could pass the checks that Apple has too. It’s been done.

The article comes from Ars Technica and is titled Hundreds of scam apps hit over 10 million Android devices which should be read in full.

“This is impressive delivery in terms of scale,” says Richard Melick, Zimperium’s director of product strategy for end-point security. “They pushed out the full gauntlet of techniques across all categories; these methods are refined and proven. And it’s really a carpet-bombing effect when it comes to the quantity of apps. One might be successful, another might not be, and that’s fine.”

The operation targeted Android users in more than 70 countries and specifically checked their IP addresses to get a sense of their geographic regions. The app would show webpages in that location’s primary language to make the experience more compelling. The malware operators took care not to reuse URLs, which can make it easier for security researchers to track them. And the content the attackers generated was high quality, without the typos and grammatical errors that can give away more obvious scams.

Lots of linked material in this post, and this will also go into our podcast as part of NCSAM because it is important to discuss this. What do you think?


NCSAM post 5: We’ve got a new article dealing with Twitch

Today, we’ve got a brand new article talking about Twitch. The article is titled Trolls defaced Twitch’s website with pictures of Jeff Bezos, the latest security concern which was quite interesting to read.

It covers the same thing as the article we first covered when I blogged about this before.

I guess you’re asking what’s new?

What’s new is that we’re learning that Twitch got defaced. Deface in this context means that the site was changed in some way.

While the image of Bezos disappeared from Twitch within a few hours, the website defacement is a signal that Twitch’s security issues are not over, days after a major data breach.

A lot of people know that Jeff Bezos is the founder of Amazon, and his picture was the image that is talked about which was plastered on Twitch.

If you are interested in the update, please click through and read this update.

Thanks for reading, and make it a great day!


NCSAM post 4: The Rise of OTP Password interception bots

So, I’ve been thinking of this post a little bit more since we covered it in news notes. The article is titled The Rise of One-Time Password Interception Bots.

What was interesting about this article was the fact that it talks about SMS based authentication where the actors would get the codes because they’d call you and tell you there was a problem and you’d enter the code by telephone.

What I’m curious about is whether the authenticator apps are affected by this. The reason I ask is because if you got a call, and you believed it, you could enter those codes and they could probably try it.

I have thought about this and I think it could work although the OTP changes every 30 seconds, whereby the SMS could take minutes as they allow for it to be delivered.
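To make the timing comparison concrete, here is an added example (not from the Krebs article or the blog) that implements RFC 6238 TOTP verification with the usual one-step tolerance and, beside it, an SMS-style code that stays valid for a fixed period. The shared secret is the RFC 6238 test key; the SMS code and its ten-minute validity are constructed assumptions.

```python
import hashlib
import hmac
import struct
from typing import Dict

TOTP_STEP = 30      # seconds per code, the RFC 6238 default used by authenticator apps
TOTP_SKEW = 1       # servers usually accept one step either side to absorb clock drift
SMS_TTL = 10 * 60   # assumed validity of an SMS code; many sites allow several minutes


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int) -> str:
    """The code an authenticator app displays at Unix time `now`."""
    return hotp(secret, now // TOTP_STEP)


def verify_totp(secret: bytes, code: str, now: int) -> bool:
    """Server check: accept only the current step and TOTP_SKEW adjacent steps."""
    counter = now // TOTP_STEP
    return any(
        hmac.compare_digest(hotp(secret, c), code)
        for c in range(counter - TOTP_SKEW, counter + TOTP_SKEW + 1)
    )


def verify_sms(issued_code: str, issued_at: int, code: str, now: int) -> bool:
    """Typical SMS OTP check: a fixed code that stays valid until its TTL runs out."""
    return hmac.compare_digest(issued_code, code) and 0 <= now - issued_at <= SMS_TTL


def relay_window(secret: bytes, issued_at: int, delay: int) -> Dict[str, bool]:
    """Is a code that was valid at `issued_at` still accepted `delay` seconds later?

    This is the question the post asks: a 30-second TOTP gives a caller who is
    read the code at most one or two steps, while an SMS code stays usable for
    the whole TTL the site configured.
    """
    totp_code = totp(secret, issued_at)
    sms_code = "483920"  # constructed: whatever the site texted at issued_at
    return {
        "totp_accepted": verify_totp(secret, totp_code, issued_at + delay),
        "sms_accepted": verify_sms(sms_code, issued_at, sms_code, issued_at + delay),
    }


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 Appendix B test key
    issued = 1111111109                # RFC 6238 test time; TOTP here is 081804
    for delay in (20, 90, 601):
        print(f"{delay:>4}s after issue:", relay_window(secret, issued, delay))
```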

Feel free to check this article out in full, and let me know what you think.


NCSAM post 3: Twitch got breached, what can we learn?

Since I missed a day, I’m going to number these as post numbers now. This time, we’re talking about a breaking story as we taped the Security Box live Wednesday. The article Stolen Twitch source code, creator payment data revealed in apparent data leak is the article written during the same day.

For those who are not familiar with Twitch, the first short paragraph sums it up nicely on who they are.

Twitch, a subsidiary of Amazon, is a popular service that broadcasts esports, live music and other events to audiences that have numbered millions at a time.

Another portion of another paragraph says:

An anonymous user of the message board 4chan — home to hackers and trolls alike — posted a 125-gigabyte torrent file that they allege includes all of Twitch’s code, including information about internal security tools, three years of payment history to Twitch “creators” and data related to proprietary software.

This number is not to sneeze at, 125GB is quite large, although not as large as some of our hard drives today.

Twitch did confirm the breach which I think is a first in quite awhile anyway.

This will be our first topic of next week’s show, appropriately because it broke during last week’s program and I didn’t look till after the program.

Lastpass tweeted out two tweets which are quoted within the notes, although adjustments to braille needed to be made as it uses symbols not known to braille.

Those tweets are:

LastPass, Worried about the #twitchleak? ? Step 1: Change your Twitch password. Step 2: Turn on Multi-Factor Authentication. Stay safe online this October (and beyond), and #BeCyberSmart. ? Via @VGC_News: https://bit.ly/3oFylYa a day ago, Khoros Publishing App

LastPass, The #Twitch leak is a good reminder to always be vigilant about your online security.
Whether you are/aren’t a Twitch user, here’s steps you can take to #BeCyberSmart: https://bit.ly/3iD3pUL a day ago, Khoros Publishing App

The time stamps mentioned here are the time from when the tweet was posted, and the client they used.

Were you affected by the Twitch breach, and what did you do? A quote said that using MFA and changing your password were not bad things to do, but the article did not say what was potentially taken.

Before I let you go, the article said they were working quickly to determine what happened, and more information would be forthcoming. If that happens and I’m alerted to it, I’ll update with more information when I get it.

Thanks so much for reading!


Automated vehicles not ready for prime time, hit blind pedestrian

You’ll need to run this through a translator as the article is in German. Someone who followed me after I was in their room on Clubhouse sent me this today, and it is definitely scary.

It’s definitely lengthy but an important read. A blind individual got hit by a fully automated bus, meaning that the driver was not responsible for anything, according to the article.

This is definitely going to be interesting, as I’ve been following the driving cars for years. The blind person was not killed, but missed where they were to go.

Read the article Autonomous driving: Look me in the eye, small car! for all of the details.


NCSAM day 2: let’s see more arrests

It’s always nice when we see arrests of different suspects in the cybercrime arena, and I hope that during NCSAM, we will see more.

Today, I want to highlight this article titled Police raid in Ukraine results in arrests of 2 alleged ransomware hackers which was written by Cyberscoop. Several countries are going to be talking this month, according to the article, and hopefully they’re going to cover this and other things.

Europol was involved in this, and Trend Micro has been known to be involved in investigations where Europol helps pick up people.

The statement did not name the group the suspects allegedly worked for, said the scammers pulled off attacks against “very large industrial groups in Europe and North America from April 2020 onwards.” The group uses a double-extortion technique in which it locks up the victim’s servers and then threatens to leak sensitive data if the victim does not pay, according to authorities.

Authorities from Ukraine, France, the U.S., Interpol and Europol were involved in the most recent operation.

There’s plenty of other stuff and linked material here, so feel free to check this out.

I hope that you enjoy reading and make it a great day!


This week in security news, news ending October 1, 2021

I haven’t posted these in quite awhile, but need to. This Week in Security News – October 1, 2021 has tons of stuff in it.

  • IoT and Zero Trust Are Incompatible? Just the Opposite
  • Senators Introduce Cyber Bill to Mandate Reporting on Ransomware and Critical Infrastructure Attacks
  • Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
  • Cyberattacks Top List of Focuses for Business Leaders
  • FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal
  • Russia Detains Head of Cybersecurity Group on Treason Charges
  • Zloader Campaigns at a Glance
  • NSA, CISA Release Guidance on Hardening Remote Access Via VPN Solutions
  • IoT and Ransomware: A Recipe for Disruption
  • Google Launches New Reward Program for Tsunami Security Scanner
  • Mac Users Targeted by Trojanized iTerm2 App
  • 4 Cybersecurity Strategies for Small and Midsize Businesses
  • Microsoft Warns of New Malware That Creates Secret Backdoor
  • Telegram Bots Are Trying To Steal Your One-Time Passwords

These are all of the article titles, so read what’s interesting to you and make it a great day!


Facebook properties down, developing story

Well,

This morning, I saw a Clubhouse room that indicated that Facebook’s properties are down. Just like clockwork, I opened my app to see if any of my sources have this, and at 5 past noon, My Buddy Mr. Krebs has an article penned What Happened to Facebook, Instagram, & WhatsApp? which has some detail although it is still early.

Apparently, the outage started just after I got up this morning Pacific time, and I can confirm that the app is not responding to anything although I saw a notification today within the past few hours.

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don’t yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.

In simpler terms, sometime this morning Facebook took away the map telling the world’s computers how to find its various online properties. As a result, when one types Facebook.com into a web browser, the browser has no idea where to find Facebook.com, and so returns an error page.

In addition to stranding billions of users, the Facebook outage also has stranded its employees from communicating with one another using their internal Facebook tools. That’s because Facebook’s email and tools are all managed in house and via the same domains that are now stranded.

It is a possibility that a hack took place, the article continues, but we really don’t know and I’m not going to say whether they have or haven’t.

While one of my contact points is WhatsApp, if it’s down, it’s down. There’s nothing I can do about it. When it comes back, I’ll be happy.

My SMS is still up for the public at 804-442-6975 which is also my WhatsApp number as I changed it some time ago.

Before the paragraph about the developing story aspect that Krebs writes at the end, I found this paragraph of interest too:

In the meantime, several different domain registration companies listed the domain Facebook.com as up for sale. There’s no reason to believe this domain will actually be sold as a result, but it’s fun to consider how many billions of dollars it could fetch on the open market.

As I prepared this blog post, Security Now’s Steve Gibson put out a tweet:

Steve Gibson, Facebook may have “deplatformed” itself, along with Instagram and WhatsApp. Hope no one depends upon “Login with Facebook!” Whoopsie! Somehow, the BGP entries for Facebook’s DNS resolvers have been withdrawn from the Internet’s routing tables. Insider? Attack? Who knows. Wow. 6 minutes ago, TweetDeck

As I prepared to get this blog post up, Steve Gibson said:

Steve Gibson, Someone on the Facebook recovery effort has explained that a routine BGP update went wrong, which in turn locked out those with remote access who could reverse the mistake. Those who do have physical access do not have authorization on the servers. Catch-22. a minute ago, TweetDeck

When I learn more, I’ll be posting to the TSB list as well as posting a blog post where I can.

Thanks for reading.
