The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts



NCSAM: Do you think Android is as secure as they claim? This Android app says not so much!

Today is October 18, 2019. I admire Android for making great strides in securing their operating system. On this day, I read an article that really made me think. Even while I napped this afternoon, I was wondering how I could cover this news about the app entitled Yellow Camera.

According to Trend Micro’s Intelligence Security Blog, this app isn’t a photo editing app at all.
Here are some details from Trend Micro’s analysis of this.

• [MCC+MNC].log, which contains the WAP billing site address and JS payloads, is downloaded from hxxp://new-bucket-3ee91e7f[-]yellowcamera[.]s3[-]ap[-]southeast[-]1[.]amazonaws[.]com.
MCC is the SIM provider’s mobile country code; MNC is the mobile network code.
• The WAP billing site runs in the background; the site accessed/displayed is telco-specific, based on the [MCC+MNC].log.
• The JS payloads auto-clicks Type Allocation Code (TAC) requests — codes used to uniquely identify wireless devices.

This article links to other articles and information that Trend Micro has found and published blog posts on, and luckily, this app hasn’t hit the United States yet from what I’ve read.

What can you do?

  • Only get apps you’re searching for
  • Download the app from the official store, and read carefully on what you’re getting so you understand what permissions it wants
  • Don’t get anything from unofficial channels or links you’re not expecting

I know looking may be of interest, but like I’ve said, it may be time to knock that off. It may be time to just say “I didn’t ask for it, I’m not looking, and I’m not wanting to get bitten.”

This is going to get rather interesting.

Have you seen this app, and what did you do when you saw it?

Comments (0)

Credit Card shops, good or bad?

In an earlier post, we talked a little about a service called Brian’s shop. According to this article I’m going to link to, this shop was taken down, and in this case, I feel it is a great win! It’s one more store that can’t sell our data to anyone. It was taken out of business, and I feel that’s a good thing. The person behind it claims that the credit cards were removed from the store upon the hack, but it was later confirmed that they still had them for sale.

Getting an arrest out of this, even though the carder had been hacked, is only the first step. We know that this will continue to occur, and we know that new card shops will be at play.

This is a win for the short term, but I’m sure that someone will have even more to sell soon.

When Card Shops Play Dirty, Consumers Win

However, as I noted in Tuesday’s story, multiple sources confirmed they were able to find plenty of card data included in the leaked database that was still being offered for sale at BriansClub.

Perhaps inevitably, the admin of BriansClub took to the cybercrime forums this week to defend his business and reputation, re-stating his claim that all cards included in the leaked dump had been cleared from store shelves.

That’s just what I wanted to post as part of the article and there is a link there. Link to all of the links in this story, and learn what happened through the reporting of all of this stuff.

Comments (0)

Brians club gets hacked, Uses Brian Krebs and his name

Brian Krebs talks about a carding shop entitled Brians Shop. The people behind this shop peddle Brian’s name and his web site Krebs on Security with a copyright notice. I don’t believe I’ve ever heard of this before, but yet, this just seems wrong. “BriansClub” Hack Rescues 26M Stolen Cards is the article.

Between 2015 and 2019 according to the article, this web site sold 9.1 million credit cards earning the site 126 million bucks. This was all stolen credit card data.

If I were to do this, and do it successfully, I would not use likenesses of a company, I’d use my own company. I’m surprised that Brian Krebs didn’t go after these guys for copyright or something, since his blog, and anything written is copyrighted by the site. Flashpoint helped with analysis of the data, and there’s definitely more to this story. I’m sure that this will get interesting as time passes.

Comments (0)

Grease the Skids: Improve Training Successes by Optimizing the Environment

The next article in the Phishlabs training is Grease the Skids: Improve Training Successes by Optimizing the Environment and I’ve been thinking about how to write this one up. Training alone is not enough, says Phishlabs. I know that I can talk about my thoughts on subjects, but overall, the user must put what I’ve learned into practice in their daily life. I can teach a subject, but that doesn’t mean the student is going to get it.

I don’t think some of the things like changing passwords every month is a good idea, but if the organization you work for requires that, the blog post says that the company should force that, and get people to make their passwords valuable but yet not easy to guess.

I’d like for you guys to take a look at this article, and see how you can implement the ideas in it on your own. Let’s discuss!

Comments (2)

NCSAM: Security features you should be using in password managers

While the article is actually entitled LastPass Security Features You Should Be Using, I’ve been thinking of this more in regards to passwords in general. If you don’t use passwords in a password manager, that is a choice that you make based on your own needs. I’m not going to change your mind. If you do use passwords in a password manager, have you explored its options to see what else you can store? I’ve not really understood LastPass that well, especially when it comes to storing documents like birth certificates, passports, and the like, but I have stored notes such as product IDs of products, and other notations including passwords for one of my network’s list management and other things.

I’m sure we can all learn about what our password manager of choice can hold, and we should continue to enquire in to what types of things it can do.

I would take the items within the LastPass article, and see if your manager has similar features. Good luck!

Comments (0)

Capital One hacker … innocent or guilty? You decide!

According to the latest from CyberScoop, they are talking about how the suspect Paige Thompson may have had 20 to 30 TB of data from various companies. They also indicate that she is a flight risk. But what we didn’t find out, and I am not going to say one way or the other, but Paige may have been male, now becoming female according to the article. Whether you’re male or female, it honestly doesn’t matter because there is a lot of data that the government is going through that you allegedly had on you. I think the judge is trying to treat Paige as fairly as possible whether they are male or female. If the judge thinks she/he is a flight risk, and they think she/he is going to do something, then that should be taken into account. If I remember correctly, this suspect pleaded not guilty, correct? There are a bunch of links within this article including the not guilty plea which I was correct on. Read the article update from CyberScoop: Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say and make your own opinions on this one.

Comments (0)

Apple Releases iOS 13.1.3, iPadOS 13.1.3, and macOS Catalina Supplemental Update

This is the article title from AppleVis. They cover what’s new in these releases and you may want to take the time to update if you have had the issues mentioned in the article. Go on over to AppleVis to read more. Thanks for listening and reading.

Comments (0)

NCSAM: email delivery: check the sender of email

I may be a little bit behind, so excuse me. Today, I read a blog post as part of the NCSAM series that I think is appropriate. It talks about checking the sender’s email address as part of the verification process. This is especially true, as nowadays, the sender can claim to be someone you know.

I have first-hand experience with this. I know someone who will remain nameless for this blog post. I also have their email address. I got an email recently that had their full name. In the body was a link.

When they originally sent links to me, they included a note such as “here you go” or something to indicate what I was getting as well as a subject line.

In the email purporting to be them, I forget what the subject line was if it had one, but the body had a link such as hxxp://aerifog.com (don’t go there) instead of something that I was expecting.

I think out of curiosity, I went to see what it was, as I felt it wasn’t malicious, but once I saw where I was headed, I backed out.

Today, I think it’s time to stop doing that. If I’m not expected to go somewhere based on an email I’m expecting, then I’m not going there. I’ve sometimes gotten curious, but I think it is becoming too much of a problem to do that now.

I’m not going to say that I won’t occasionally look, but I think eventually I’m going to get caught.

With shorteners like cutt.us you can add a character to see stats and see exactly where you’re going. I’ve done this when I’m curious and I know they’re available to check that.

Another thing this article mentions is to check the way the person writes.

  • Do they have a default signature?
  • Do they greet you by name?
  • If not by name, by company name?
  • Does the company send you promos and things like Amazon?
  • When you correspond, does the company have a signature with phone number, address, hours of operation, or something that you spot in every communication?

These are some ideas I can think of and questions to ponder when you get email.
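
The checks described in this post (sender address, subject line, greeting, usual signature, and a note alongside any link) can be written down as a small script. This is an added example, not part of the original post or the Phishlabs article; the address book, the names Pat Example and Jordan, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: what we already know about each correspondent.
CONTACTS = {
    "pat example": {
        "address": "pat@example.org",
        "signature": "Pat Example, Example Music Studio",
    },
}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample: the kind of message the real contact normally sends.
GENUINE = """\
From: Pat Example <pat@example.org>
To: jordan@example.net
Subject: The recording you asked for

Hi Jordan, here you go: https://example.org/recording

Pat Example, Example Music Studio
"""

# Constructed sample: same display name, different address, bare link only.
SPOOFED = """\
From: Pat Example <billing@mail.example.com>
To: jordan@example.net

https://example.com/x
"""


def review_message(raw, contacts=CONTACTS, my_name="Jordan"):
    """Return a list of reasons to distrust a message (empty list = none found)."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    findings = []

    # The display name is free text chosen by the sender; the address is what to compare.
    contact = contacts.get(" ".join(display.lower().split()))
    if contact is None:
        findings.append("sender name is not in the address book")
    elif address.lower() != contact["address"]:
        findings.append(f"name matches a known contact but address is {address}")

    if not (msg.get("Subject") or "").strip():
        findings.append("no subject line")
    if my_name.lower() not in body.lower():
        findings.append("does not greet you by name")
    if contact and contact["signature"].lower() not in body.lower():
        findings.append("usual signature is missing")

    # A link with nothing written around it, unlike the contact's usual "here you go".
    if URL_RE.search(body) and not URL_RE.sub("", body).strip():
        findings.append("body is a bare link with no note")
    return findings


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, review_message(raw))
```

None of these checks proves a message is safe; they only list the ways it differs from what this correspondent normally sends.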

When I send email from my tech at menvi address, I have a signature, my name and technology blog and podcast is in the name, and if I send you something, I include a link directly to where you’re going. I also in the signature have a signature with my blog address and main web page.

If you communicate with me using other addresses, you’ll see various signatures except gmail where I just sign.

I suggest you take a look at this Phishlabs blog post entitled Beware of Account Takeover which may have other tips that I haven’t covered that may be of value to you as we learn how to stay safe in the ever changing landscape we call the Internet.

Please share what thoughts you might have when it comes to how you, the individual, or you as a company, tell customers how to stay safe when it comes to email delivery. Let’s talk!

Comments (0)

Will Apple get hacked more in the future? Business insider says yes

With Apple’s iOS 13, and very successful hacks into the iOS platform, we’re starting to see Apple being targeted. According to this article from Business Insider entitled A cybersecurity expert explains why we’re likely to see more Apple hacks in the future, we’re going to see more hacks toward iOS and Mac devices. Windows is also covered, and rightly so.

While my phone is older, and I’ll be looking to replace it soon, making sure our software is as up to date as possible is now more crucial. This is going to get interesting as we continue to see these types of issues including data breaches in general.

The fact that the article talks about WhatsApp as an entry point, WhatsApp developers need to fix that hole too. It’s not all the operating system’s fault, whether it’s Windows, Mac, iOS, Android, Linux, or any other operating system out there.

NCSAM

Comments (0)

British Airways data breach: class action lawsuit approved – IT Governance Blog

Here is British Airways news. I think I covered this back when it broke, so I found something and thought I’d post this update here to the blog.

We need to remember things are changing, and this is only the beginning of the problems if we can’t figure out how to protect ourselves the best we can.

A portion of the article and the link follow.

The High Court has granted a group litigation order, effectively giving the go-ahead to mass legal action from 500,000 victims of the 2018 BA data breach.

Source: British Airways data breach: class action lawsuit approved – IT Governance Blog

Comments (0)

Presidential campaigners are not secure … this can’t be good

According to an article I’ve thought about and saw today, 16 out of 23 potential candidates are not security conscious and have some things to fix before next year and running for president.

I’m not going to rehash the articles I wrote on Donald Trump; you can go to my article listings page and search them out on your own under the vocal heading. If this is any indication, we’re going to have another long 4 years if someone new wins and their cybersecurity is not to par.

Article: U.S. Presidential Campaigns Struggle With Cybersecurity

Comments (0)

Alabama got hit with Ransomware, pays ransom

Hello all,

Well, the news this week deals with Alabama getting hit with Ransomware. According to this article entitled Ransomware attacks are insidious. Experts urged healthcare CIOs to invest in proactive security measures to combat the growing threat. Alabama was the target. Unfortunately, Ransomware is not going to be going away, and that’s because it’s a great moneymaker.

I wonder how this type of thing is created to begin with? I’m not saying that I’d send it out and demand money, since my goal of the blog and podcast is to alert you all on what’s out there so we can protect ourselves. We all need money, but we need to do it the right way.

For example, on one of the pages on the blog is a donations button I believe. But if not, that’s OK. Money isn’t the object of this podcast, but if you’re interested in donation options, get in touch.

I’m confident when I reminisce about the story one of my buddies told me about one of our own in the blindness field getting targeted with Ransomware. Remember this article entitled ATPC Hit with Ransomware, Does Not Pay where I talked about a textbook case of doing it correctly? We should bring it out and show companies that a company serving the blind community did it correctly, and we should all learn.

Getting back to the article at hand, Security Now covered quite a bit of ransomware this week in their episode for this week. If that show goes into ransomware mode, whereby they’re covering nothing but ransomware in the news, it’s going to be the whole entire show. This can’t be a good sign.

Here are the notations from that episode.

  • Ransomware hits schools, hospitals, and hearing aid manufacturers
  • Sodinokibi: the latest advances in Ransomware-as-a-Service
  • Win7 Extended Security Updates are extended
  • A new Nasty 0-Day RCE in vBulletin
  • There’s a new WannaCry in town

As you can see, there are lots of things going on here, and it’s not going to go away any time soon. The fact that the main topic of this blog is talking about the Alabama case, there is a lot more happening that we should be learning about too, and that’s why I find the story of value. This is going to get very interesting.

Comments (0)

It’s time for another patch Tuesday: time to reboot and update your systems

It’s time for another patch Tuesday, and Krebs On Security and Trend Micro are offering the articles in regards to what’s out there. I’ve already taken the computer offline and did the reboot necessary. The computer seemed to be a little slow anyway, so the reboot helped clear that up.

Below, please find the articles from my sources. Stay safe!

Please feel free to check these articles out for more information. Trend Micro is the longer of the two, where they detail what’s patched, while Krebs is good in its own right, some detail, but enough to cover everything since Adobe is covered in that post as well. Both are good in their own right, and I want people to choose what article they want to take from. Thanks so much for reading, and make it a great day!

Comments (0)

Magecart is at it again, this thing doesn’t die

According to FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops from the TREND MICRO intelligence blog, this thing isn’t going away any time soon. According to the beginning of the article, another 3126 sites are affected, and this is now on the web, not just your brick and mortar shop now. Once this thing is installed, it scrapes credit card data through scripts through the SSL connection and out to the bad guys. There are links to various items on this article, so paraphrasing is going to be difficult. I’m passing this along so that we all can be aware, and do the best we can to protect our cards from this attack.

The bad thing is that the site may even look normal, and we may never know it. It seems that’s the risk we take now. Let me know your thoughts on this one. It can’t be good.

Comments (0)

The New Features, Changes, Improvements, and Bugs in macOS Catalina for Blind and Low Vision Users

A little bit of Mac news coming across our desk while perusing AppleVis. This blog post with the same article title has all of the details.

What I really like are the functions that remind me of Dragon during voice dictation. That is awesome! I tried Dragon with Jaws many years ago, but it’s been a long time.

There are some bugs in regards to playing podcasts, and another bug, but a lot of enhancements with this update.

Give it time, update at your convenience, and feel free to report any bugs to the AppleVis community so they’re aware of it and to Apple so they can fix it.

Do let me know if you find this info of value.

Comments (0)

The court allowed the FCC to kill net neutrality because washing machines can’t make phone calls

I read a good portion of this, and I know the person who wrote this, I believe he was on This Week in Law on Twit. That podcast I quit listening to for some reason, I really should pick that podcast up. Check this article out, it’s lengthy, but yet goes into the Net Neutrality debate, again. Oh Boy.


There is also a quote from Macbeth? Let’s experience this together.

Source: The court allowed the FCC to kill net neutrality because washing machines can’t make phone calls

Comments (0)

NCSAM: Get Serious with owning your data

A very well written article, Get Serious About Cybersecurity: Take Ownership of Your Personal Data, is being spotted through my Twitter. The author of the article did a great job in talking about what we, as citizens, can do to help minimize the risk. Nothing is foolproof, but it must start somewhere.

Headings within this article include:

  • Too Much Information
  • Protecting Data
  • Check Privacy Settings
  • Own IT on Social Media

This can be broken down to a few points:

  • Don’t share what you wouldn’t share publicly
  • Don’t make your profile public unless you have a good reason
  • Don’t post pictures of your vacation until you get back
  • and always use caution when using a new app whether PC or mobile

I know about the oversharing way too much. There are people I have followed who tell us what they have had for breakfast, lunch, dinner and or snack. While I did check out the sharing of my whereabouts, I’ve since stopped that habit. I’ve never checked in at my own home, but I have checked in to a business to see what the game was, and I ended up being duke. After I saw that, I quit. I see someone travel across the country and they check in everywhere they can. Why? I have no idea.

We should know how our data is used. While we all hate reading privacy policies, mainly because they’re written in legal language and hundreds of pages, I’m proud to say that The Jared Rimer Network and MENVI, Bridging the Gap Between the Blind and Music do not write our policies in legalese. I’ve made sure to mention what we collect, why, and what we’ll do if we can’t contact you for any reason.

That’s really all a privacy policy should have, unless the business collects payment info. If so, state this, what type of info you collect, how customers can update it if something changes, and what the policy is when the customer chooses to leave.

We’ve talked about one company quite a lot in their blunders. Without mentioning names, this company holds on to every piece of data on you, and can and has ascertained other info without the customer’s consent. The company has called people based on caller ID data they have. Would most companies do this?

There are other links to other aspects of this story, so I’ll stop here. What tips would you add to the conversation that I have not covered here?

Find me on social media through my web site, hit me up by email, or other methods should you have them.

Comments (0)

15 minutes of farting … dealing with bullying?

In this very interesting video, Steve Dotto talks about bullying in his YouTube videos where he talks about tech stuff in short videos. Some of the videos I’ve caught. While this video is dated, I saw it in my Twitter feed on the 4th of October. Here is the page on his web site which has a video player to play the video. I found it interesting, please feel free to comment.

Comments (0)

How Uzbekistan’s security service (allegedly) began developing its own malware

I am going to use the same article as found on Cyberscoop as this article title was interesting enough and the article is quite fascinating.

I’ve never heard of this place, where the hell is it?

Wherever this place is, they develop malware, which means that it can’t be good. You are telling me that this is supposed to be a company in this country or territory and it doesn’t do security? It does malware and ships it out?

There are a lot of links within this article, but I just found the whole thing interesting and thought I’d share it. You can comment on this one at any time.

Comments (0)

We’ve got another breach, this time a tech support platform?

Hello everyone,

I’ve been pondering how to write this article for a few days. This article I’m talking about was posted to Cyberscoop on the 2nd of October. This article talks about a platform that has been used by many different companies. Zendesk announces data breach impacting years-old accounts is the name of the article and it’s unfortunate too. Mistakes happen, but software like this one should be updated whenever a patch is out. Have you seen this, and what have you thought about it?

Comments (0)
