The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts


10 Ways To Legally Get Free Internet At Home (And In Public)

On the 12th of November, someone emailed me about this particular article, 10 Ways To Legally Get Free Internet At Home (And In Public), which I’ve finally gotten a chance to read. Since it has been a while, I thought I’d finally take a look.

While Net Zero has been around for quite a number of years, I’m honestly surprised they’re in this list.

This is only a resource. I’m not saying you should go totally free; read the entire article and decide how you want to proceed.

I enjoyed reading this article, and maybe someone can find the information of value as we look to proceed in today’s digital age.

Comments (0)

FTC Warns of Ongoing Scam Spreading Scary Terrorism Allegations

The U.S. Federal Trade Commission (FTC) warned consumers today of an active scam campaign targeting potential victims with letters designed to scare them with fake money laundering and terrorism allegations.

Source: FTC Warns of Ongoing Scam Spreading Scary Terrorism Allegations

This is only a portion of an article I think people should see, especially during this time of year in shopping online and in store. Please be as careful as you can.

Comments (0)

How easy is it to get a domain? Very easy in fact

Before I talk about the article which I’ve been thinking about lately, I want to mention getting a domain in general is easy. In fact, I’ll mention a phrase from the article: “too easy.” That’s it.

For most domains, you just pay the money requested, turn on the option for identity protection, and away you go. For other domains, there may be more steps like having an SSL certificate installed, or even proof of address or phone number.

One of the things they do say is that you should have “accurate records” for the directory, or you could be terminated but I don’t know how true that really is. I know someone who may have put a false address in place, but I don’t want to outright confirm or deny anything, especially since things have changed.

Now, let’s talk about this article entitled It’s Way Too Easy to Get a .gov Domain Name and why I think there should be a change. According to research for this article, someone reported that government domains do require some form of letterhead from the governmental agency. I suppose the letterhead will have a letter telling the registering company what the use will be, but I am unclear about that. Now, the guy who did the research bought the domain, sent in the forms, and had the domain, and he didn’t work for the government.

I think that if we need to prove who we are, by supplying our contact info, we should also supply valid documentation to prove who we are if we’re buying domains that require that. I have a .com, .net, and .info, all of which I’m using for different purposes. I also have a .org yet I’m only running the site, I’m not employed by the company who is now paying me to run it. I wasn’t asked for documentation for the organization, and I would have provided it upon request. Is this the same type of thing that may be utilized for the .gov domain discussion in the article?

I would suggest everyone take a look at this governmental thing, and let’s discuss how you think we can improve the security of our domains. This is why miscreants are able to buy large swaths of domains because there’s no validation and questioning of what will be done with it. Even if you ask for identification by calling to verify who you say you are, that would be a start. Even clicking a link to verify they’ve got the proper email address for registration would be a start.

I’d be interested in your thoughts. I’ve been thinking about this article after a long day’s worth of work, and now it’s time to put it to paper or in this case, virtual paper. Thoughts?

Comments (2)

It’s time to post some good news

I know I’ve read at least one of the two articles from Krebs in regards to some good news in the arrest department.

I don’t remember if I read that, but that’s some of the good news that I’ve found in the arrest department. This ought to be fun if I didn’t read two of the three articles. Maybe it’s time that I start catching up on some of this stuff.

If you’ve seen these in passing, what did you think?

Comments (0)

Hospital breaches leading to more heart attacks? You bet!

While I’m getting my day started, I’ve been wanting to try and play some catch up. I’ve been thinking this morning about an article that Krebs On Security penned on his blog entitled Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks as it has some very serious repercussions. It seems as though the people who send these types of things don’t really care if people die.

Every day, people die for one reason or another. Every day, people are living another day. Why does it have to happen where ransomware is the cause of someone dying because they can’t get the care they need?

How will it feel to them if they died because they sent this to some hospital, then something happens and they can’t get treated? Let’s imagine that they survive, get treated, and live to tell the story? What type of story will they be telling? If they die, there is no story, but the family who grieves has no answers and doesn’t really understand what the hell they did. To me, this is just another step lower in the problem of what ransomware can do.

I’ll be talking about this one on the podcast; this is just sad. Lots of numbers here.

Comments (0)

APT 33 is back, continues to get better it seems

It seems as though APT 33 is getting more sophisticated, according to a Cyber Scoop article APT33 has used botnets to infect targets in the U.S. and Middle East, researchers say and so far, they have not targeted the United States. This can’t be good, because a group like this will eventually have something for us to eat. I’m not looking forward to the time where we’re targeted next.

Have you seen this, and what do you think?

Comments (0)

Patch Tuesday last Tuesday, are you patched?

Last week, my favorite bloggers Trend Micro and Krebs on Security blogged about Patch Tuesday. Because of my ongoing work as of late, I’m now trying to play some catch-up on some of the things that I’ve read. I always try to cover Patch Tuesday’s articles if nothing more than to pass along the ones I see.

Have you patched?

Let’s stay safe and keep ticking. Thanks for reading!

Comments (0)

A telecom company breached, MongoDB to blame

When is it going to be time for people, especially those who set this stuff up, to learn to properly configure databases that hold information that is crucial to the business? According to this Dark Reading article CenturyLink Customer Data Exposed this can’t be good. The fact that the database is connected to the Internet is bad enough, but according to a conversation I had with some folks online when told about this is that there is no other solution. Companies that are large or have multiple call centers need to have a way to have access to all of the customer data to make changes, verify information, and the like. It’s not like MENVI where we store it, it’s amongst a few people who are on staff, and that’s it. Hundreds of people need access to this information at these companies when you call in, so I understand the challenge.

Who at these companies is responsible for this type of thing? We need to have them answer these questions, and I’m sure that they’re answering now. This should never happen, and if it does, let it be a mistake that is quickly remedied. Don’t leave it open for months on end for someone to find, especially a hacker. Luckily, it was a researcher, and it can’t be all bad, but what if it wasn’t? What if the database was to be found to include all customer data? The phone company covers multiple states. How does that look? Let’s hear your thoughts.

‘Camgirl’ sites exposed millions of users after security lapse – TechCrunch

Exposed data linked user profiles to their viewing history, exposing kinks and private sexual preferences.

Source: ‘Camgirl’ sites exposed millions of users after security lapse – TechCrunch

Oh boy. Now this here is something to post. I am seeing this on Twitter, and I thought, really? Could this get any worse?

NCSAM is over, shall we stop teaching

Well, NCSAM is over, and that doesn’t mean we have to stop learning. There’s always something to learn, especially with cyber security. LastPass, the last password you’ll ever need, has a blog post entitled NCSAM Wrap-Up & Planning for Next Year but why stop there?

Here are some questions LastPass asks.

  • Did your organization have goals for NCSAM this year?  
  • What new things did you try, or what programs did you continue from previous years?  
  • What type of feedback did you receive?  
  • What would you like to try next year? 
  • What results are you looking to accomplish with your cybersecurity initiatives? 

These are great questions. I think in regards to item 4’s question, I’m trying to teach year-round by talking about experiences and things that I’ve read or experienced in life that have happened to me. By talking about what I’ve done after the fact, I can show how proactive I’ve been to the situation at hand. My initiative for next year is to do the same all year long. This I think should not be a once a month thing. By spreading it all year round, we can always learn, so we can try to prevent the next catastrophe.

I’ve received mixed feedback when talking about things. Some have indicated that we’re pretty much screwed anyway, things get on the OS, and it’ll either burn the OS, or the OS will be slow. No matter what we do, we can’t stop the worst of them, they’ll get in regardless. Others like the ideas of what I’m doing, and it can turn into a discussion on the chat line. Still others don’t quite comprehend the aspect of how bad it is, and skip it because it can get technical. It just depends, although I try not to be technical about it.

I don’t have goals for the year and I do not have money for programs to implement. I’d love to be involved in phishing simulations because we can always learn so we don’t make a mistake to cripple our devices. It’s too bad that these types of programs are expensive so people who use a computer but don’t make a lot of money can’t participate in such a program.

I run MENVI and I’m always asked questions by one of my colleagues about something he’s seen. I tell him what’s up, and I also send him some of the major articles I find through my RSS feeds. He sends them off to people who need to know.

I believe this is very important year-round, not just once a month. By sharing information, we can all participate in reading and understanding what other businesses are going through and can do our best not to fall victim within the net of problems.

LastPass has ideas for next year including webinars, educating your customers and clients, employee training, share material, and attending a cybersecurity event. I talked about two webinars I’ve attended from Trend Micro and I really need to listen to the last one fully because I’ve missed some parts of it.

There is more including how they mention inspiring the next generation to get involved by talking about the Girl Scouts teaming up with a company. There’s plenty more to read, so take a look around, and let’s start making that difference!

The biggest names in domain registrations have been breached

Hello all,

I’m unfamiliar with register.com, but I am familiar with Network Solutions. I’m also unfamiliar with web.com as well. Apparently they’re under the same umbrella and it got hacked. According to Breaches at NetworkSolutions, Register.com, and Web.com one is letting their customers know on their web page and reaching out by email, one has info but it’s buried, and the other has nothing. This is just not the way to do things. You need to be as transparent with your customers as you possibly can. Let them know what you know, so they understand what is happening. It’s the best medicine you can have.

Have you seen coverage or is this the first time you’re seeing this? If it’s the first time, be notified of it now, and see if anything is compromised, i.e. domains you control and the like. It doesn’t look like in the article that nothing was touched, but you just never know. Stay safe.

NCSAM: protecting our kids online

We can’t forget the blog posts that are around the Internet dealing with protecting children online.

We all in our lives at one time or another have made mistakes. We must learn from them too. That also goes for children online. There is a bigger risk with children, and data miners know this and try to get kids to click on things just as much as us adults. This article Home and Away, All Year Round: How Can I Keep My Kids Safe Online? has 8 different points which I’m mentioning in an upcoming podcast that we can all take from, not just teaching the kids.

If we all don’t learn from these tips, the internet could become a very interesting place if it hasn’t already. I know there are other articles I may want to cover as NCSAM closes, so I’ll try to get them read within the next several days. This is going to get rather interesting don’t you think?

Chinese companies being eliminated in the tech industry? Two of them may be

I was just giving praise to China on trying to do something good, but we can’t forget two companies who apparently are using tech for bad. In a more recent article entitled FCC chair pitches rules to block Huawei, ZTE written by Cyber Scoop, I’m not even sure what to think.

I believe this is a slippery slope. The two companies mentioned are apparently spying and doing other things which they probably shouldn’t, however, what about the myriad of companies that do that just by collecting all this data to either use against you, or just to have it? It can’t work both ways.

While a company like Apple collects this data from our phones for services, what makes you think that someone else isn’t in their systems and platforms right now gathering the data to do something more deadly with it? We don’t know if that is even going on.

I bet if these companies are banned by the government, then some others that may eventually be caught and doing the same thing would be forced out, even if they are here in the states. It’s going to get interesting.

China’s Congress Passes Cryptography Law, Effective Jan. 1, 2020

I’m perusing Twitter, and several days ago, an article entitled China’s Congress Passes Cryptography Law, Effective Jan. 1, 2020 was tweeted by a follower and it puzzles me. While I admire China to do good with the idea of this law, we do have a lot of bad coming out of there too. I’m not going to talk about the bad here, because if this new law works and something comes out of it, that’s a good thing, correct? On this post, let’s concentrate on just this … they’re trying to do something with the technology to try and do good. This should be commended within their bad press.

Making The Smart Bet On Cybersecurity

This was quite interesting. Relaying the cybersecurity threats to a casino. This article is awesome, and I think it’s a good read so passing it along.

Cybersecurity strategy doesn’t have to be a gamble, but trying to beat the odds of a breach is not an easy task. Educating your entire organization, and automating the most data-heavy tasks provide the best defence.

Source: Making The Smart Bet On Cybersecurity

NCSAM: Do you think Android is as secure as they claim? This Android app says not so much!

Today is October 18, 2019. I admire Android for making great strides in securing their operating system. On this day, I read an article that really made me think. Even while I napped this afternoon, I was wondering how I could cover this news about the app entitled Yellow Camera.

According to Trend Micro’s Intelligence Security Blog, this app isn’t a photo editing app at all.
Here are some details from Trend Micro’s analysis of this.

  • [MCC+MNC].log, which contains the WAP billing site address and JS payloads, is downloaded from hxxp://new-bucket-3ee91e7f[-]yellowcamera[.]s3[-]ap[-]southeast[-]1[.]amazonaws[.]com. MCC is the SIM provider’s mobile country code; MNC is the mobile network code.
  • The WAP billing site runs in the background; the site accessed/displayed is telco-specific, based on the [MCC+MNC].log.
  • The JS payloads auto-click Type Allocation Code (TAC) requests — codes used to uniquely identify wireless devices.

This article links to other articles and information that Trend Micro has found and published blog posts on, and luckily, this app hasn’t hit the United States yet from what I’ve read.

What can you do?

  • Only get apps you’re searching for
  • Download the app from the official store, and read carefully on what you’re getting so you understand what permissions it wants
  • Don’t get anything from unofficial channels or links you’re not expecting

I know looking may be of interest, but like I’ve said, it may be time to knock that off. It may be time to just say “I didn’t ask for it, I’m not looking, and I’m not wanting to get bitten.”

This is going to get rather interesting.

Have you seen this app, and what did you do when you saw it?

Credit Card shops, good or bad?

In an earlier post, we talked a little about a service called Brian’s shop. According to this article I’m going to link to, this shop was taken down, and in this case, I feel it is a great win! It’s one more store that can’t sell our data to anyone. It was taken out of business, and I feel that’s a good thing. The person behind it claims that the credit cards were removed from the store upon the hack, but it was later confirmed that they still had them for sale.

Getting an arrest out of this, even though the carder had been hacked, is only the first step. We know that this will continue to occur, and we know that new card shops will be at play.

This is a win for the short term, but I’m sure that someone will have even more to sell soon.

When Card Shops Play Dirty, Consumers Win

However, as I noted in Tuesday’s story, multiple sources confirmed they were able to find plenty of card data included in the leaked database that was still being offered for sale at BriansClub.

Perhaps inevitably, the admin of BriansClub took to the cybercrime forums this week to defend his business and reputation, re-stating his claim that all cards included in the leaked dump had been cleared from store shelves.

That’s just what I wanted to post as part of the article and there is a link there. Link to all of the links in this story, and learn what happened through the reporting of all of this stuff.

Brians club gets hacked, Uses Brian Krebs and his name

Brian Krebs talks about a carding shop entitled Brians Shop. The people behind this shop peddle Brian’s name and his web site Krebs on Security with a copyright notice. I don’t believe I’ve ever heard of this before, but yet, this just seems wrong. “BriansClub” Hack Rescues 26M Stolen Cards is the article.

Between 2015 and 2019 according to the article, this web site sold 9.1 million credit cards earning the site 126 million bucks. This was all stolen credit card data.

If I were to do this, and do it successfully, I would not use likenesses of a company, I’d use my own company. I’m surprised that Brian Krebs didn’t go after these guys for copyright or something, since his blog, and anything written is copyrighted by the site. Flashpoint helped with analysis of the data, and there’s definitely more to this story. I’m sure that this will get interesting as time passes.

Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the PhishLabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says PhishLabs. I know that I can talk about my thoughts on subjects, but overall, the user must put what I’ve learned into practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month are a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Let’s discuss!

Comments (2)

NCSAM: Security features you should be using in password managers

While the article is actually entitled LastPass Security Features You Should Be Using I’ve been thinking of this more in regards to passwords in general. If you don’t use passwords in a password manager, that is a choice that you make based on your own needs. I’m not going to change your mind. If you do use passwords in a password manager, have you explored its options to see what else you can store? I’ve not really understood LastPass that well, especially when it comes to storing documents like birth certificates, passports, and the like, but I have stored notes such as product IDs of products, and other notations including passwords for one of my network’s list management and other things.

I’m sure we can all learn about what our password manager of choice can hold, and we should continue to inquire into what types of things it can do.

I would take the items within the LastPass article, and see if your manager has similar features. Good luck!
