
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




Here’s something to ponder: a con man turned cybersecurity pro has tips

I’ve already read one book, am in the midst of another, have a third on Bookshare, and now … a fourth book in the series. Cybersecurity Tips From a Master of Deception Turned Consultant is the article title.

The gentleman being interviewed in this article is Frank Abagnale, a very good con man for his day, seeing as he started in the 60s with forged checks. In the 2nd book I’m reading, he talks about getting away from checks, and his reasoning.

The Library of Congress has two of the three available books out, and “Scam me if you can” seems to be another great one when it comes out.

link to Penguin for Scam me if you can

about the book

The following comes from the website, and it’s about the book.

Are you at risk of being scammed? Former con artist and bestselling author of Catch Me If You Can Frank Abagnale shows you how to stop scammers in their
tracks.
Maybe you’re wondering how to make the scam phone calls stop. Perhaps someone has stolen your credit card number. Or you’ve been a victim of identity theft.
Even if you haven’t yet been the target of a crime, con artists are always out there, waiting for the right moment to steal your information, your money,
and your life.
As one of the world’s most respected authorities on the subjects of fraud, forgery, and cyber security, Frank Abagnale knows how scammers work. In Scam
Me If You Can, he reveals the latest tricks that today’s scammers, hackers, and con artists use to steal your money and personal information–often online
and over the phone. Using plain language and vivid examples, Abagnale reveals hundreds of tips, including:
* The best way to protect your phone from being hacked
* The only time you should ever use a debit card
* The one type of photo you should never post on social media
* The only conditions under which you should use WiFi networks at the airport
* The safest way to use an ATM
With his simple but counterintuitive rules, Abagnale also makes use of his insider intel to paint a picture of cybercrimes that haven’t become widespread
yet.

other books in the series

In no particular order, here are the other books in the series. Where appropriate, the book number will be made available from the Library of Congress. As discussed, only two out of the three are available, and one is available both in audio and braille for those who want it in braille. All are on Bookshare if you’re a member.

  • Stealing your life: the ultimate identity theft prevention plan DB64907 I’m reading this one right now. This looks to be the third in the series, and this one is also in braille. The braille number is BR17324 and is two volumes long. The reading time in the audio book is 7 hours, 34 minutes.
    • Former criminal, now a fraud expert, provides a guide to safeguarding personal information. Exposes criminal tactics and offers a twenty-step prevention
      plan with tips including using a shredder, avoiding questionable web sites and ATMs, and consolidating credit cards. 2007. It’s read by Butch Hoover for the Library of Congress.
  • Catch me if you can: the amazing true story of the youngest and most daring con man in the history of fun and profit DB55517 This book was recommended to me by the library and I couldn’t put it down! I even saw the movie of the same name, which went into more detail of what happened after he served his time. Both were excellent. It’s also co-authored by Stan Redding. Jack Fox did a great read of this book for the Library of Congress.
    • Lighthearted autobiography of a high-school dropout from the Bronx who became a master counterfeiter and a millionaire by the age of twenty-one. Describes
      his successful impersonations throughout the 1960s of an airline pilot, a doctor, a lawyer, and a college professor, before being apprehended. Some strong
      language. 1980.
  • The Art of the Steal I’ve downloaded this one to read after the first title in this list is read. It’s not available on BARD.
    • In his celebrated bestseller, CATCH ME IF YOU CAN, Frank Abagnale recounted his youthful career as a master imposter and forger. Before he was 21 he had
      cashed US$2.5 million in forged cheques, practised as a lawyer, doctor, pilot, and college professor, even though he was a high school dropout. In THE
      ART OF THE STEAL, Abagnale tells the remarkable story of how he parlayed his knowledge of cons and scams into a successful career as a consultant on preventing
      financial foul play – while showing readers how they can spot and outsmart perpetrators of fraud. Technology may have made it easier to track down criminals,
      but cyberspace has spawned a skyrocketing number of ways to commit crime, much of it untraceable. Frank Abagnale has discovered that punishment for fraud,
      much less recovery of stolen goods, seldom happens – prevention is the best form of protection. Drawing on his early years of experience as a master con
      man and his 25-year career on the other side of the law, he shares eye-opening stories of true scams – and tips on how they could have been avoided. A
      peek inside the predatory criminal mind from a past master of the con, THE ART OF THE STEAL is the ultimate defence against even the craftiest crook.

The last one in this list is a 2001 title, so I read the first, the third, and will go back to the 2nd. I don’t think the order much matters, but this is a great author, not saying that the series by Kevin Mitnick was bad either, but this is a different type of con, and a good one too. I was impressed by Catch Me If You Can; his mind is sharp, yet he was even able to con his own father. You all should get a chance and get this article, check out the books if you’re interested in them, and feel free to let me know what you think about them. Looking forward to hearing from you!

Comments (0)

Say what? More than a million people have their biometric data exposed in massive security breach

Before I get to the heart of my post, I must add that this post is three days old, but still fresh off the presses. This is definitely something to think about.


I just saw this article entitled: More than a million people have their biometric data exposed in massive security breach and it brings up some very interesting questions. Sadly, I’m not versed on this, and I would rather pass along the article than to comment on something I’m not versed with. I do know that the OPM breach was mentioned, and sadly, if this breach is similar to that one, there is nothing we can do. Hey Steve at GRC? Are you reading? I don’t think this will be the last time we hear of this.

Comments (0)

You cannot pay your Apple Card bill online if you lose your iPhone

I did not know Apple had a credit card. This is quite interesting, until you go to pay a bill that you can’t access for some reason or another. Why would I want to give a company a bunch of info just to pay my bill? I had paid for the first time, a gas bill, and Internet bill. None asked for any information such as social security number, but verification of address or number and/or both was performed. I also will be paying electric bills too, and have set that up over the bank through the electric company web site. Why would a company ask for name, address, SSN, and other information just to get a bill paid? I’d be asking for payment info to assist, and maybe your name. You cannot pay your Apple Card bill online if you lose your iPhone is the article and you should check this out.

Comments (0)

It’s time for Windows Update again

Hello all,

It’s time for Windows Update again if you haven’t applied it. Trend Micro has a great blog post as usual describing some of what’s fixed in a lot of detail, but we can’t forget Krebs On Security as well for providing a post on this. Both have their good points, just look at them and decide what may be of importance information wise for you. Both were good reads.

Comments (0)

More breach news, the breaches just keep on coming

Well,

In the past two days, I’ve seen breach notifications. In an article I found on Twitter, over 800 South Carolina employees that work for the state in some capacity or another got breached and someone is getting disciplined. 824 current and former Charleston County employees impacted in HR data breach is the article, and the good news out of this will be that the number is small compared to some of the other big time breaches.

The next one comes from Krebs on Security where we get an update to a breach from First American. SEC Investigating Data Leak at First American Financial Corp. is the name of the article and let it be known that this is huge.

Word of the SEC investigation comes weeks after regulators in New York said they were investigating the company in what could turn out to be the first test of the state’s strict new cybersecurity regulation, which requires financial companies to periodically audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful. First American also is now the target of a class action lawsuit that alleges it “failed to implement even rudimentary security measures.”

I know one thing, I store backups of my stuff in Dropbox, unlinked, safely in my hands, and protected by two factor. While no service is 100 percent foolproof, we must start somewhere. Having databases open like the Capital One breach, insiders like the Capital One breach, firewall issues like the Capital One breach, and the like won’t cut it anymore. Maybe not all these factors were related to Capital One, but all of them are the same in every breach. This can’t be good. It can only get worse, correct?

Thoughts? Feel free to sound off.

Comments (0)

Security Now said that Blue Keep was going to be a problem, it may be almost here

I’m on Twitter, and I found an article entitled US company selling weaponized BlueKeep exploit and it looks to be a mixed blessing as both a testing tool, as well as something which could be exploited like Security Now’s Steve Gibson and others have predicted. Unless this gets out of hand and it gets reverse engineered, then we’re OK for now. I’m also running the latest version of Windows, which is version 10 update 1903 I believe it was. I updated to that before my computer was shut down for the move I went through. I wonder what Steve will say about this now? I retweeted the article from Twitter, and mentioned Steve so he could see it. Thoughts? Leave them here.

Comments (0)

A blind man couldn’t order pizza from Domino’s. The company wants the Supreme Court to say websites don’t have to be accessible

The gentleman in this article I grew up with. I’d love to get updates on this, because there are a lot of websites that are not accessible where we could buy things if needed. I’m hoping to hear more, and I hope to see the gentleman in question again to see how this turns out or articles come across my desk about it.

Domino’s has petitioned the Supreme Court to hear the case, where it could prove to be a landmark battle over the rights of disabled people on the internet.

Source: A blind man couldn’t order pizza from Domino’s. The company wants the Supreme Court to say websites don’t have to be accessible

Comments (2)

Bullet Proof Hosting, how bad can it get?

Hello all,

In the recent article department, Krebs on Security has penned an article talking about one of the bigger bullet proof hosters. The article here is entitled Meet the World’s Biggest ‘Bulletproof’ Hoster and I found it quite interesting that these services are still around.

All web hosters whether we resell from a provider like I do, or you provide services to the public where you do the selling, we have to adhere to very high standards. We can’t host illegal, questionable, adult content, and other rules are in place so the services are legal. The bullet proof hosters tend to ignore complaints, and just take money. We’ve talked about several of these types of hosters, one that comes to mind right now was the one in Colorado that got taken down. I don’t remember who it was offhand, but this doesn’t surprise me, especially because bullet proof hosters could have resellers under them that resell services to others.

This particular article has a video. The article also profiles someone who is named Alexander, or YALISHANDA. Feel free to catch the video, and also feel free to read the article and leave your thoughts.

Comments Off on Bullet Proof Hosting, how bad can it get?

Yet another ransomware case: are they doing the best job?

In a prior article, I mentioned a ransomware case, and similar tendencies to the article I’m linking to here, and the prior article. I’m talking about QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack in this article. I think they’re doing the best they can, and in some instances, staying tight lipped.

Unlike a company who is suffering serious computer trouble, I was speaking with someone in regard to this article, and they mentioned that it was better to be tight lipped about ransomware because it’s different, and they did say they’re restoring from backup. I could understand why they said tight lipped is better. I would continue to provide updates, however, i.e. we’re continuing to restore from backups, the status is … and what the status is.

We’ve recently published an article on Philmore Productions, who hardly provides updates now, and really hasn’t provided many updates, but this article shows that in some cases, saying nothing is better, but I think that you should be as honest with your customer base and potential customers as possible.

I’d love to hear your thoughts.

Comments Off on Yet another ransomware case: are they doing the best job?

Stop punishing developers who are trying to make their games accessible

I just read this AppleVis post Stop punishing developers who are trying to make their games accessible and it has an accompanying blog post or two. I read the first one, and it is sad that we have to see this. I didn’t read the comments all the way through, nor have I played crafting kingdoms, but it looks like this company is trying. We need to give them the benefit of the doubt, especially since it’s a small company. Let’s give them the praise they deserve.

Comments Off on Stop punishing developers who are trying to make their games accessible

What I’ve been reading of late

Hello folks, here is some of what I’ve been reading. Maybe you’ll find it of value.

This is only some of what I’ve been reading. There’s plenty more, so why not check out my Twitter to see if anything fancies you? You can follow me, and get some interesting news. I try not to put my own thoughts into things, however, I try to put out things people might be interested in.

You also might want to comment here or in audio for a future podcast. Transfer files through WeTransfer and send it to my email address for the blog. Let me know what you think.

Comments Off on What I’ve been reading of late

You’re going to pay more for .org and .info domains following ICANN’s lifting of price caps

Hello folks,

While this is older news, and I think I found something of interest, this article entitled You’re going to pay more for .org and .info domains following ICANN’s lifting of price caps really hit home. I remember leaving comments saying that there are people who can’t afford it if prices are too high, and I’m one of them. I run menvi.org which is a non-profit. I get reimbursed, but if it goes up, it might become a problem. I’m not sure if it will, but that’s why I’m saying might. Only time will tell.

Comments Off on You’re going to pay more for .org and .info domains following ICANN’s lifting of price caps

Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank

Well, this can’t be good. It’s not as bad as others, and luckily a researcher found this and notified the company, but this is what we want. We want researchers to find the data and disclose it to everyone involved instead of hackers making off with it.

Three unsecured Amazon S3 storage buckets compromised more than 1TB of data belonging to Attunity and its high-profile clients.

Source: Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank

Comments Off on Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank

When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

Several employees were caught abusing the tool, which let them read users’ messages and passwords.

Source: When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

So this is Myspace news, but it trickles to every social media platform today no matter what the tool is to help with law enforcement stuff. This can’t be good, now can it?

Comments (1)

Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach

Source: Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach

More Equifax news, it doesn’t seem to be getting any better, does it? This just shows that crime does not pay, and there are penalties. I’m happy to see that something is finally being done to show that this can’t go on anymore.

Comments Off on Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach

Do Data Breach Victims Have Standing to Sue?

This is quite interesting. Found this on Twitter, and thought the blog would love to see this too. Sounds like there is a split on whether we can sue, but frankly, the companies who have our info should be part of the solution by protecting it the best they can. This includes patching if necessary if the perp gets in via a hole in software installed.

Data breach victims are at risk of identity theft, but the courts are split on whether they have standing to sue the companies that failed to protect their data.

Source: Do Data Breach Victims Have Standing to Sue?

Comments (1)

Florida City to Pay $600,000 to Hackers After Ransomware Attack

The attack occurred on May 29 when a police department employee reportedly opened an email containing the malicious code.

Source: Florida City to Pay $600,000 to Hackers After Ransomware Attack

This is not going to be the first time, nor the last. Read the full article, as it gives insight into not necessarily why the ransom was paid, but each case is going to be different. I do not believe Baltimore did pay, as they had backups, but this is a true reminder to do the best you can.

Comments Off on Florida City to Pay $600,000 to Hackers After Ransomware Attack

It’s hard to prove spam sending

Hello all,

Without going into detail, I know it is going to be hard to prove spam sending. I know of somebody who is now accusing someone of sending spam out in regards to Asian dating, and probably other stuff.

Here is a contact form I received through MENVI, and I know my MENVI members wouldn’t send such a thing.


Below is the result of your feedback form. It was submitted by (gilvicler@hotmail.com) on Sunday, June 23, 2019 at 10:55:43
—————————————————————————
name: JamesPax
City_State_Province: Rajkot
country: India
Phone: 81588552378
contactmethod: Please contact me by telephone
contact: Please have Janet Quam: assistant webmaster) to contact me
reporting_bug: No, I’m not reporting a bug with the web site at this time
reporting_bug_Yes: Rencontrez des filles sexy dans votre ville:
http://xurl.es/bhld3

comments: Rencontrez des filles sexy dans votre ville:
http://xurl.es/bhld3

submit: Submit comment or question to the MENVI contact team
—————————————————————————

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
REMOTE_ADDR: 185.130.184.216

Comments (2)

Trick Bot is back, still on the loose

Hi all, Trick Bot, another one of these notorious havocs is back. According to Trickbot Watch: Arrival via Redirection URL in Spam we’re not out of the woods yet. With the amount of spam that is out there, we really need to be on our guard. We can’t let up just because of the fact that it’s safe to open. As I find other articles that I can talk about here on the blog, we must continue to be on guard for things that we may not be expecting and slow down a bit. Here’s just one section of the article.

Defending against Trickbot: Trend Micro recommendations and solutions

Trickbot has seen developments beyond that of a typical banking trojan, and updates to it aren’t likely to go away anytime soon. For instance, it has also been found being delivered as a payload by attacks like those of Emotet. Cybercriminals that take advantage of Trickbot primarily use phishing techniques that trick users into downloading attachments and visiting malicious sites that steal their credentials.

Users and enterprises can protect themselves by following these best practices against spam and other phishing techniques:

• Be wary of telltale signs of spam such as suspicious sender addresses and glaring grammatical errors.
• Refrain from opening email attachments from unverified sources.
• Keep comprehensive logs of what happens within the network, which allows IT personnel to track suspicious activities like traffic from malicious URLs.
• Monitor the network for potential threats, which can help an organization to identify malicious activities that traditional security solutions might not be able to detect.

Users and enterprises can also benefit from protection that uses a multilayered approach against risks brought by threats like Trickbot. We recommend employing endpoint application control that reduces attack exposure by ensuring only files, documents, and updates associated with whitelisted applications and sites can be installed, downloaded, and viewed. Endpoint solutions powered by XGen™ security such as Trend Micro™ Security, Trend Micro™ Smart Protection Suites, Trend Micro Worry-Free™ Business Security, and Trend Micro Network Defense can detect malicious files and URLs and protect users’ systems.

To get the proper formatting, please view the full HTML article, but I give this section to give you the idea of how bad this is. As Security Now has said, it only gets worse, right? Please leave those thoughts.

Comments Off on Trick Bot is back, still on the loose

CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner

When I initially read this article, I was wondering how I could convey the information on how dangerous this bug is. I really can’t, because it is so complex. CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner is the article and it goes into detail on how it works, what’s involved, and how to protect yourself. This bug basically takes certificate files in which you get when going to secure sites, and makes havoc out of it. I would check out the article to get the details on this one.

Comments Off on CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner
