The Technology blog and podcast

Commentary, articles, and podcasts


The Security box, podcast 33: Continuing where we left off with part 2 of the Keystroke logging topic and more

Hello folks,

Welcome to another edition of the Security Box. The RSS feed now has the program. Don’t want to deal with RSS, or can’t for any reason? Here is the 140.88mb file for you to get.

The RSS feed has the bulk of the show notes, but the notes are included here in full, including the full news notes segment, which could not fit in the feed.

Here are those show notes.


On this podcast, we continue where we left off with our keystroke logging topic, and we’ll also have news, notes, questions, comments and concerns. We hope you’ll enjoy the program as much as we have enjoyed putting it together for you.

Topic: Continuing Key Stroke Logging

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Its headings include, but are not limited to: application, software-based keyloggers, keystroke logging and writing processes, related features, hardware-based keyloggers, and history. There are several headings in this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I enjoy bringing it to you.

News Notes

  • According to an article found through Twitter from a site called WSLS, Kroger is reporting a breach dating back to December. They’re notifying people because some employee data may have been accessed; however, the grocery and pharmacy chain, which is based in Ohio, indicates that no physical store was affected. The breach was through a third-party file transfer service I’ve never heard of called FTA. Accellion, the maker of FTA, indicates the product was patched, even though it is 20 years old and approaching end-of-life support. Kroger is latest victim of third-party software data breach has the complete details.
  • Scandinavian Airlines is among the victims of the SolarWinds breach, reports DN. This comes via Mikko Hyppönen of F-Secure, who translated the tweet and quoted a Twitter account linking to the article. Using Chrome to translate the page, I’m not getting a good read on it except that it’s a potential backdoor attack. If there is an article in English, please let us know. I’m not linking to the Norwegian article since most of my readers may not understand it.
  • On February 22nd, I came across an article via the LastPass blog that may be some days old but is very valuable. The free service is changing quite a bit starting in March. The author, Dan DeMichele, goes into detail on what is changing, and it is very important for people to read it. The Tech blog also has this posted on the day mentioned, and it’ll be linked here in the show notes. Quoting a paragraph:

    We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type. 

    Examples are given for each, and they offer a $9 discount if you upgrade before March 16th. Also going away is free technical support. While I only utilized support sparingly, one time was when I got my new phone and needed their help to disable two-factor. To learn more, Changes to LastPass Free is the article; feel free to read all of the details.

  • I’ll never think of apple juice as a juice that I enjoy again. While I like the drink, we’re not talking about the juice now; we’re talking about a piece of malware, AppleJeus, that seems to have popped up again, as CISA has issued an AA advisory and 4 MAR21 reports about it. According to AA21-048A, under targeted nations, it says:

    HIDDEN COBRA actors have targeted institutions with AppleJeus malware in several sectors, including energy, finance, government, industry, technology, and telecommunications. Since January 2020, the threat actors have targeted these sectors in the following countries: Argentina, Australia, Belgium, Brazil, Canada, China, Denmark, Estonia, Germany, Hong Kong, Hungary, India, Ireland, Israel, Italy, Japan, Luxembourg, Malta, the Netherlands, New Zealand, Poland, Russia, Saudi Arabia, Singapore, Slovenia, South Korea, Spain, Sweden, Turkey, the United Kingdom, Ukraine, and the United States.

    There are many versions listed, including: AppleJeus Version 1: Celas Trade Pro, AppleJeus Version 2: JMT Trading, AppleJeus Version 3: Union Crypto, AppleJeus Version 4: Kupay Wallet, AppleJeus Version 5: CoinGoTrade, AppleJeus Version 6: Dorusio, and AppleJeus Version 7: Ants2Whale. Several of these have Windows and Mac components as well as cryptocurrency information within the AA. I have not read the MARs, but I suspect they go into detail about the specific versions. The MAR emails were all raw HTML, but everything is linked below.

There may be more; check the blog for things that may be of interest, and stay safe.


Enjoy the show!


The Security Box, podcast 32: Part 1 of Keystroke Loggers

Hello folks,

On this edition of the podcast, we start a discussion of keystroke loggers. As indicated in the last podcast announcement, we do have some tracks, but they’re short and don’t take a lot of time. The program is still much shorter than the program’s broadcasting length on the Mix, and we’ll see how it goes for podcast 33. We’ve got news, notes and more. I’d be interested in what people think of our “things to ponder” segment, which starts the program. Thanks so much for listening!

Don’t want to deal with the RSS feed? No problem! Here is the 141.06mb file for you to download.

Now, without any further ado, here are the show notes for this program, and thanks so much for listening, reading and participating!


Welcome to the Security Box, podcast 32. On this edition of the program, we’re going to talk about keystroke loggers. I found a Wikipedia article which is detailed, and there is a possibility that this goes into multiple weeks. We’ll also have news, notes, questions, comments and even a “things to ponder” segment to boot.

Topic, Keystroke logging:

This may take several programs, but we must cover keystroke logging. We take from the Wikipedia page on keystroke logging so you can follow along. Its headings include, but are not limited to: application, software-based keyloggers, keystroke logging and writing processes, related features, hardware-based keyloggers, and history. There are several headings in this article and a lot to read. I figured it would be a good discussion to have since it has come up in discussions of other things. I hope you enjoy the discussion as much as I enjoy bringing it to you.

Things to Ponder

During last week’s program, we were still learning about the possible issue in a small town in Florida that could’ve had some serious problems with its water supply if it weren’t for a worker noticing something as simple as a mouse moving. In this things to ponder segment, I talk about what we’ve learned to date, and it’s quite interesting. To date, I have two sources you can read for more: one an article by our good companion Brian Krebs, the other from CISA. You should read them both, and of course listen to what my thoughts are and participate.

I hope you’ll participate in this interesting story.

News, notes and more:

This is the news, notes and other commentary from around the web. Where appropriate, links to any articles may be possible.

  • I was told on February 15th about a 60 Minutes piece on SolarWinds and the potential hack, or lack thereof, where the Russians were possibly involved. On my own Internet radio show for Sunday, I talked about one such story, where a tech story like this was found on my local news site KNX some month after I saw it in publications like CyberScoop. It doesn’t necessarily surprise me that SolarWinds was covered on 60 Minutes; it is a nationally syndicated program and is well respected. I respect them, but this is now old news, and yet I don’t know what they really had to say about the attack, so I can’t comment further.
  • While I’ve not been blogging like I really should, we can’t skip Patch Tuesday. Besides Windows, it’s a good idea to check for updates on other software such as Adobe Reader, and even software you use on a more frequent basis. As is usually the case, Trend Micro and Krebs on Security are the two places where I get coverage on the patches. If you have not gotten your updates, you should soon. Please reboot if necessary. For February, there were 56 vulnerabilities, according to Krebs, 9 of which are rated critical. To date, over 1,700 CVEs have already been disclosed this year. The headline CVE this time is CVE-2021-1732, an elevation-of-privilege bug that was already being exploited; it affects Windows 10 and Server 2016 and later. According to Trend Micro, 7 of the vulnerabilities were disclosed via the Zero Day Initiative (ZDI) program, and 3 of the 9 critical issues are in networking aspects of Windows. Please read Microsoft Patch Tuesday, February 2021 Edition and February Patch Tuesday Fixes 11 Critical Bugs for complete details.
  • While Emotet was dismantled, as were other gangs, we can’t let our guard down. There are other things out there that can take its place, or it could be used as a stepping stone to other attacks across your network. According to the article, a paragraph states:

    In 2020, Emotet, Trickbot, and ZLoader were the loaders of choice for actors, contributing to 78% of the overall loader volume. 

    In 2021, TrickBot and ZLoader are still being used, according to PhishLabs. Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In should be read for the complete details. According to the CyberWire Daily, it seems as though Emotet is still going, even though its infrastructure was disrupted and people were arrested.

  • While I’m behind on Trend Micro’s week in security postings as of late, I did come across some good news for a change, which I always like to cover. The most recent article I’ve read in regards to arrests and seizures of infrastructure and domains deals with the NetWalker ransomware gang. This is an article that our good friend Mr. Krebs covers. He describes what NetWalker is up to, the fact that they are ransomware as a service (RaaS), and how the domain or multiple domains were used. It’s well worth the read, so check out the article Arrest, Seizures Tied to Netwalker Ransomware for all of the complete details.
  • Speaking of arrests, I read an article back on the 10th talking about the arrest of people involved with a phishing kit. According to the article, this phishing kit had a web control panel that would give you information as well as access to phishing templates and the like. The article Arrest, Raids Tied to ‘U-Admin’ Phishing Kit should be read for all of the complete details.
  • I don’t believe Facebook for one minute. According to an article, Facebook, TikTok, Instagram and Twitter will target stolen accounts. How, I’m not exactly sure, but Facebook has been known to allow this type of thing. Instagram is part of their brand now, but I could see TikTok and Twitter having a stance. The article was written by Mr. Krebs, and it’s a good article to read. It talks about how these accounts are taken from legitimate users. The TTPs include, but are not limited to, intimidation and harassment tactics, hacking, coercion, sextortion, SIM swapping and swatting. There is a forum called OG Users which Brian covers in this well-written article, and I urge everyone to read it. Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts is the article.

Lots to read and comment on, let your voice be heard!


The Security Box, podcast 31 February 10, 2021

It looks like I have neglected to post show notes for some programs, so it’s time to catch up. The Security Box has been uploaded, but I’ve neglected to post the notes.

On podcast 31, we pick up where podcast 30 left off on the domain discussion. We also covered news, notes, questions, comments and more.

Do you not want to deal with the RSS feed because you can’t or don’t know how? Here is the 103.03mb file, and we hope you enjoy it.

The podcast is much shorter than the program as we started playing less music within our program to comply with my other podcast. While podcast 32 plays some tracks, they are short tracks.

Here are the show notes for podcast 31 of the podcast, and again, thanks for listening!


Welcome to the security box, podcast 31. On this podcast, we’re going to continue the discussion of domains with several different things that we couldn’t get to from last week. Also, we’ll have news, notes, questions, comments and more. I hope you enjoy the program as much as we have putting it together for you.

Domain discussion:

Part of running a domain today is security certificates. These certs are commonly called SSL certificates, though the protocol actually in use today is TLS, the successor to SSL; the two names get used interchangeably in everyday speech, and the certificate itself is the same X.509 certificate either way. Keep that in mind.

When I first started reading PhishLabs, they were indicating that phishing sites were not much into security, as the ultimate goal was to get their wares out, not necessarily to be secure. That’s when we learned through newsletters that looking for the padlock or https was the sign we’re secure. This is not the case anymore. This is because several years ago Let’s Encrypt, a nonprofit certificate authority, came up with an automated way of issuing the domain-validated certificates used for this purpose, so anyone who controls a domain name can get one for free in minutes. The 200,000 web sites for August and September were unique sites, according to the article. It also states that SSL encryption for phishing sites overtook SSL deployment for general websites. We also have a 10 percent increase in BEC attacks that originate from free webmail accounts such as Hotmail, Outlook, MSN, mail.ru and possibly others.

According to the web site for Lets Encrypt, it says:

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).

According to the article, 80 percent of phishing sites now have some form of SSL certificate installed, up from the 74 percent I last saw. We’ve been covering this trend on the tech podcast; I remember when it was in the 50 percent range. This is higher than most general websites, says the article. According to it, a survey from Q-source found 66.8 percent of web sites use SSL.

“Not surprisingly, most SSL certificates used by phishers were Domain-Validated (DV), which is the weakest form of certificate validation,” said LaCour. There are three types of SSL certificates (Domain-Validated, Organization-Validated and Extended Validation), and DV certificates can be issued quickly, through an easy verification process that proves only control of the domain name, not who stands behind it. Of more than fifty-three thousand SSL certificates observed by PhishLabs, 91.3 percent were Domain-Validated.

Generally, PhishLabs found that cybercriminals are using free certificates. In Q3, 40 percent of all SSL certificates used by phishers were issued by the same free certificate authority, Let’s Encrypt.
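To make concrete what a DV certificate actually proves, here is an added example (not code from this page, from PhishLabs, or from Let’s Encrypt) that simulates the ACME HTTP-01 challenge from RFC 8555 in Python, with the CA, the requester and each site’s web server standing in as in-process objects. The account key is a constructed placeholder JWK and the domain names are made up. The CA’s only check is that the key authorization (the challenge token plus a thumbprint of the requester’s account key) appears under /.well-known/acme-challenge/ on the domain; a phishing domain passes exactly as a brand’s domain does, which is why the padlock says nothing about who you are talking to.

```python
"""Simulation of an ACME HTTP-01 domain-validation exchange (RFC 8555).

Added example, not code from the page or from Let's Encrypt. The CA, the
requester and each site's web server are in-process stand-ins, and the
account key is a constructed placeholder JWK (no real key pair exists).
"""
from __future__ import annotations

import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members only,
    serialised as compact JSON with keys in lexicographic order."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """What the requester publishes: token '.' thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


# Constructed placeholder account key; the coordinates are dummy bytes.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}


class FakeCA:
    """Hands out challenge tokens and checks the published responses."""

    def __init__(self) -> None:
        self.pending: dict[str, str] = {}  # domain -> outstanding token

    def new_challenge(self, domain: str) -> str:
        token = b64url(secrets.token_bytes(32))
        self.pending[domain] = token
        return token

    def validate_http01(self, domain: str, account_jwk: dict, web_roots: dict) -> bool:
        """Fetch /.well-known/acme-challenge/<token> from the domain's web root
        (a dict standing in for an HTTP GET on port 80) and compare it with the
        expected key authorization. Nothing about the organisation behind the
        name is examined: control of the name is the whole check."""
        token = self.pending.get(domain)
        if token is None:
            return False
        served = web_roots.get(domain, {}).get(f"/.well-known/acme-challenge/{token}")
        expected = key_authorization(token, account_jwk)
        return served is not None and secrets.compare_digest(served, expected)


def request_certificate(ca: FakeCA, domain: str, account_jwk: dict, web_roots: dict) -> bool:
    """Requester side: obtain a token, publish the key authorization on the
    domain's own web server, then ask the CA to validate. True means the CA
    would go on to issue a DV certificate for the name."""
    token = ca.new_challenge(domain)
    web_roots.setdefault(domain, {})[f"/.well-known/acme-challenge/{token}"] = \
        key_authorization(token, account_jwk)
    return ca.validate_http01(domain, account_jwk, web_roots)


def run_demo() -> dict:
    ca = FakeCA()
    web_roots: dict = {}  # domain -> {path: body}; constructed stand-in for each site
    brand = request_certificate(ca, "bank.example", ACCOUNT_JWK, web_roots)
    # A look-alike registered by a phisher goes through the identical steps.
    phish = request_certificate(ca, "bank-example-secure-login.com", ACCOUNT_JWK, web_roots)
    # The thumbprint binds the response to the account key: someone who merely
    # observes the token and the published file cannot complete the challenge
    # under a different ACME account.
    other_jwk = dict(ACCOUNT_JWK, x=b64url(b"\x03" * 32))
    hijack = ca.validate_http01("bank.example", other_jwk, web_roots)
    return {"brand": brand, "phish": phish, "hijack": hijack}


if __name__ == "__main__":
    print(run_demo())  # {'brand': True, 'phish': True, 'hijack': False}
```

The validator never looks at a company name, a registration record or the content of the site, only at whether the expected string is served under the domain; that is the entire meaning of “domain validated”, and it is why a DV certificate on a phishing page is expected rather than surprising.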

According to the article, registrars are partly to blame for the increase in phishing, as there is limited action. Phishing has gone up sharply since March of 2020, and my article talking about one such phishing attack got something done. I sent the blog post linked here over to Mr. Krebs, and also called the provider I use. I called them up after doing some lookups and mainly inquired as to whether they could help. As of Friday, February 6th, 2021, the domain emailhostsecurity.com is now suspended; I don’t know when this officially occurred. The blog post linked here has the email that was sent to me, and I believe I talked about this on either the Security Box or the main tech podcast.

According to the article, it says:

An average of 500 brands were targeted by phishing each month over the course of Q3, with SaaS remaining the most frequently attacked industry, targeted 31.4 percent of the time.

Under the Business Email Compromise section of the article it says:

The report also found 16.3 percent of BEC attacks involved domains registered by the phishers, with most originating from five registrars: Namecheap, Public Domain Registry, Google, Tucows, and NameSilo.

Fifty countries and 64 million dollars of potentially stolen funds later, criminals have been identified in one year alone.

For the full details of the report and any links read: APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS and let’s discuss.


Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable organizations and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.

Look-alike domains are intentionally misleading to give customers the false impression that they’re interacting with trusted brands, leading to significant reputation damage, financial losses, and data compromise for established enterprises. The process of creating an attack is inexpensive, and if threat actors move quickly to evade detection, they can make a large return on their time and money.

Millions of internet users are targeted with look-alike domains each year. The article has a graph that shows only a sampling of at least 50,000 threats that Phishlabs has observed.

The most common use of a look-alike domain is to set up a Website with Monetized Links. This approach is not necessarily malicious, yet it accomplishes multiple objectives:

The article goes on and says:

The registrant parks a domain and capitalizes on visiting traffic by adding monetized links. The link topics are typically related to the impersonated brand’s keywords, increasing the probability that visitors will click through to the destination website.

They let a domain “age” before using it. Most scammers typically use new domains quickly, yet some will maintain them for weeks or months. Recently registered domains garner low reputation scores and are a telltale sign of malicious activity, making them targets for security teams.

I believe that is why my incident was handled, as when I looked it up, it was only 4 days old!

There is much, much more in this article that we could spend a long time quoting and discussing. I now invite you to read The Anatomy of a Look-alike Domain Attack for all of the complete details. If something sticks out at you, please discuss it.
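As an added example (not code from this page or from PhishLabs), the following Python triage script puts the two signals discussed above together: it undoes homoglyph and digit substitutions in the registrable label, compares the result against a brand list, and flags domains registered within the last 30 days, as the four-day-old domain in the incident above was. The brand list, homoglyph table, thresholds, public-suffix shortlist and the WHOIS-style creation dates are all constructed for illustration; in practice the creation date comes from a WHOIS or RDAP lookup and the brand list from your own organisation.

```python
"""Look-alike domain triage: brand similarity plus registration age.

Added example, not code from the page or from PhishLabs. The brand list,
homoglyph table, thresholds and the WHOIS-style creation dates below are
constructed for illustration.
"""
from __future__ import annotations

from datetime import date

# Substitutions phishers use for Latin letters: two-letter pairs that render
# like one letter, digits, and Cyrillic/Greek homoglyphs. Constructed shortlist.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u03bf": "o",
}
MULTI_LABEL_SUFFIXES = ("co.uk", "com.au")  # constructed shortlist, not the PSL


def registrable_label(domain: str) -> str:
    """Label directly under the public suffix, lower-cased:
    'www.paypa1-login.com' -> 'paypa1-login'."""
    d = domain.lower().rstrip(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        if d.endswith("." + suffix):
            return d[: -len(suffix) - 1].split(".")[-1]
    parts = d.split(".")
    return parts[-2] if len(parts) >= 2 else d


def normalize(label: str) -> str:
    """Undo homoglyph and digit substitutions and drop hyphens, so that
    'micr0s0ft' -> 'microsoft' and 'rnicrosoft' -> 'microsoft'. Longer patterns
    are applied first. Expect some false positives (the '1' in a legitimate
    'office365' becomes 'l'); this is a triage signal, not proof."""
    out = label
    for bad, good in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        out = out.replace(bad, good)
    return out.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(domain: str, brands: list[str], created: date | None, today: date,
           young_days: int = 30) -> dict:
    """Score one domain: which brand signals fired, how old the registration
    is, and a verdict of 'look-alike', 'newly registered' or 'none'."""
    label = registrable_label(domain)
    norm = normalize(label)
    brand_hits = []
    for brand in brands:
        b = brand.lower()
        if label == b:          # the brand's own domain, nothing to flag
            continue
        if norm == b:
            brand_hits.append(f"homoglyph/digit substitution of {brand}")
        elif b in norm:
            brand_hits.append(f"embeds {brand} with extra tokens")
        elif len(b) >= 5 and levenshtein(norm, b) <= 1:
            brand_hits.append(f"one edit away from {brand}")
    age_days = (today - created).days if created else None
    if brand_hits:
        verdict = "look-alike"
    elif age_days is not None and age_days < young_days:
        verdict = "newly registered"
    else:
        verdict = "none"
    return {"domain": domain, "label": label, "normalized": norm,
            "brand_hits": brand_hits, "age_days": age_days, "verdict": verdict}


def triage(records: dict[str, date], brands: list[str], today: date) -> dict[str, str]:
    """Map each domain in a {domain: creation_date} feed to its verdict."""
    return {d: assess(d, brands, created, today)["verdict"] for d, created in records.items()}


# Constructed feed of observed domains with WHOIS-style creation dates.
TODAY = date(2021, 2, 6)
BRANDS = ["paypal", "microsoft"]
SAMPLE_FEED = {
    "paypa1-login.com": date(2021, 2, 3),        # digit swap plus extra token, 3 days old
    "micr0soft.com": date(2020, 11, 1),         # digit swap, older registration
    "rnicrosoft.co.uk": date(2021, 1, 20),      # 'rn' for 'm', multi-label suffix
    "paypai.com": date(2019, 5, 5),             # plain typo, one edit away
    "emailhostsecurity.com": date(2021, 2, 2),  # no brand match, but 4 days old
    "microsoft.example": date(2010, 6, 1),      # the brand's own name, nothing fires
}

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_FEED, BRANDS, TODAY).items():
        print(f"{domain:26} {verdict}")
```

Brand similarity is the stronger signal and decides the verdict on its own; registration age only promotes an otherwise unremarkable name to “newly registered”, which is the same reason a registrar or abuse desk treats a four-day-old domain with suspicion while an aged one needs more evidence.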

We aren’t going to cover this one, but another article in the series is Look-alike Domain Mitigation: Breaking Down the Steps, if you wish to take a look at it. It’s a long process, and I think it needs more work.

News, Notes and more

  • Looks like there are a couple of items I heard about in February 3rd’s episode of the CyberWire. SolarWinds first has more problems with its software, which they have fixed, but the most important thing in this episode is that the initial breach of 2020 actually could’ve started as early as December 2019, when it has been reported that SolarWinds had one of its Microsoft 365 accounts compromised. We’re continuing to hear more, and you can search this out if you wish to learn more.
  • Looks like Facebook has changed their mind about collecting metadata for now, according to the same episode of The CyberWire. I’m not sure I fully buy that, but if they’re going to use metadata, let them have at it, I say. Besides that, it looks like Facebook is going ape because Apple will be putting a feature into iOS that requires apps to ask permission before tracking us with the advertising identifier. Mr. Zuckerberg says that it is Apple dominating the ecosystem, and if I could read between the lines during the interview in that episode, he’s not too happy, as it hurts their bottom line. The person interviewed indicated that it is about time and it has been in the works for a while, even though Facebook and others may say that it is January 6, 2021’s events that sparked this.
  • Security Now, podcast 804, has a ton of stuff that might be of interest. The very first segment talks about certificate authorities and the latest one, Camerfirma, being knocked off the list by Google Chrome starting with release 90, due out in April 2021. According to Security Now, there are multiple issues which the company said they’d fix between 2017 and 2020, yet they were never fixed. Please listen to Security Now episode 804 for complete details on some of what was wrong. Through the years, the technology podcast as well as Security Now have talked about other authorities misbehaving. Even Symantec, the makers of Norton, ran a certificate authority and failed at times. It’s ok to make a mistake, but being a certificate signer is a privilege, not a right.
  • A company I’m not familiar with called Nox, who makes some sort of player, may have been compromised, with updates that were malicious in nature making it out to only a subset of its customers. The company says there is nothing wrong, according to Security Now, so people who use this player had better do their due diligence and make sure their device is not infected.
  • SANS NewsBites is reporting that school districts can get some help with their cybersecurity. The blurb from the newsletter says: “IBM has announced a $3 million grant program to help US school districts protect their systems from ransomware. IBM will award $500,000 in-kind grants to six school districts, which will be chosen through an application process. The applications opened on February 4 and close on March 1, 2021. Teams from IBM’s Service Corps Program will “help [the selected schools] proactively prepare for and respond to cyberattacks.”” Let’s see what happens! SANS NewsBites links to multiple articles; see the link to the newsletter on the blog.
  • According to The CyberWire Daily, Feb 4, 2021: Zoombombing is being done by high school and college students who are bored and want to “piss off the teacher.” It may not have started that way, but the CyberWire says that most of the problems now are with the kids.


The Security box, podcast 31: More Domain discussion, news, notes and more

Hello folks, welcome to the show notes of the Security Box. Yes, it’s been a couple of days; however, it’s better late than never, I’d say. Other stuff got delayed, like the playlists for my shows for my independent stuff, so it isn’t too bad.

The RSS feed has had the program up since the podcast was done, and now it’s time to provide the link to the podcast as well as the extensive show notes.

You’ll notice that we only have two tracks now, and the lunchtime set I play if I don’t have anything else was not broadcast. This makes the podcast less than two hours instead of the two and a half hours the internet radio program took. I hope that this makes the podcast better to listen to.

Don’t want to mess with RSS? Here is the 162.57mb file for you to download. Thanks so much for listening!


Welcome to the security box, podcast 31. On this podcast, we’re going to continue the discussion of domains with several different things that we couldn’t get to from last week. Also, we’ll have news, notes, questions, comments and more. I hope you enjoy the program as much as we have putting it together for you.

Domain discussion:

Part of running a domain today is security certificates. These certs are called SSL certificates or what is now known as TLS. We have to remember that SSL and TLS are pretty much interchangable, keep that in mind.

When I first started reading Phishlabs, they were indicating that Phishing sites were not much into security as the ultimate goal was to get their wares out, not necessarily wanting to be secure. Thats when we learned through newsletters that looking for the padlock or https was the sign we’re secure. This is not the case anymore. This is because several years ago, a company called Lets Encrypt came up with an automated way of issuing the domain validated certificates that would be used for this purpose. The 200,000 web sites for August and September were unique sites according to the article. It also states that SSL encryption for phishing sites overtook SSL deployment for general websites. We also have a 10 percent increase in BEC attacks that originate from free Webmail accounts such as Hotmail, Outlook, MSN, mail.ru and possibly others.

According to the web site for Lets Encrypt, it says:

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).

According to the article, 80 percent of Phishing sites now have some form of SSL certificate installed up from the 74 percent I last saw. We’ve been covering this trend on the tech podcast, I remember when it indicated it was in the 50 percential. This is higher than most general websites, says the article. According to it, a survey from Q-source, 66.8 percent of web sites use SSL.

“Not surprisingly, most SSL certificates used by phishers were Domain-Validated (DV), which is the weakest form of certificate validation.” said LaCour. There are three types of SSL certificates, and DV certificates can be issued quickly, through an easy verification process. Of more than fifty-three thousand SSL certificates observed by PhishLabs, 91.3 percent were Domain-Validated.

Generally, PhishLabs found that cybercriminals are using free certificates. In Q3, 40 percent of all SSL certificates used by phishers were issued by the same free certificate authority, Let’s Encrypt.

According to the article, registrars are part to blame for the increase in phishing as there is limited action. Phishing has gone up sharply since March of 2020, and my article talking about one such phishing attack got something done. I sent the blog post linked here over to Mr. Krebs, and also called my provider I use. I called them up after doing some lookup and I mainly inquired as to whether they can help. As of Friday, February 6th, 2021: the domain emailhostsecurity.com is now suspended, and I don’t know when this officially occurred. The blog post linked here has the email that was sent to me, and I believe I talked about this on either the Security box or the main tech podcast.

According to the article, it says:

An average of 500 brands were targeted by phishing each month over the course of Q3, with SaaS remaining the most frequently attacked industry, targeted 31.4 percent of the time.

Under the Business Email Compromise section of the article it says:

The report also found 16.3 percent of BEC attacks involved domains registered by the phishers, with most originating from five registrars: Namecheap, Public Domain Registry, Google, Tucows, and NameSilo.

50 countries and 64 million dollars of potential stolen funds later, criminals have been identified in one year alone.

For the full details of the report and any links read: APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS and let’s discuss.


Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable organizations and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.

Look-alike domains are intentionally misleading to give customers the false impression that they’re interacting with trusted brands, leading to significant reputation damage, financial losses, and data compromise for established enterprises. The process of creating an attack is inexpensive, and if threat actors move quickly to evade detection, they can make a large return on their time and money.

Millions of internet users are targeted with look-alike domains each year. The article has a graph that shows only a sampling of at least 50,000 threats that Phishlabs has observed.

The most common use of a look-alike domain is to set up a Website with Monetized Links. This approach is not necessarily malicious, yet it accomplishes multiple objectives:

The article goes on and says:

The registrant parks a domain and capitalizes on visiting traffic by adding monetized links. The link topics are typically related to the impersonated brand’s keywords, increasing the probability that visitors will click through to the destination website.

They let a domain “age” before using it. Most scammers typically use new domains quickly, yet some will maintain them for weeks or months. Recently registered domains garner low reputation scores and are a telltale sign of malicious activity, making them targets for security teams.

I believe that is why my incident was handled, as when I looked it up, it was only 4 days old!

There is much, much more in this article that we could spend a long time quoting and discussing it. I now invite you to read: The Anatomy of a Look-alike Domain Attack for all of the complete details. If something sticks out at you, please discuss it.

We aren’t going to cover this one, but another article in this series is Look-alike Domain Mitigation: Breaking Down the Steps if you wish to take a look at it. Its a long process, and I think it needs more work.

News, Notes and more

  • Looks like there are a couple of items I heard about in February 3rds episode of the Cyberwire. Looks like Solar Wind first has more problems with their software that they have fixed, but the most important thing in this episode is that the initial breach of 2020 actually could’ve started as early as December 2019 when it has been reported that Solar Winds had one of their Microsoft 365 accounts compromised. We’re continuing to hear more, and you can search this out if you wish to learn more.
  • Looks like Facebook has changed their mind about collecting Metadata for now, according to the same episode of The Cyberwire. I’m not sure I fully buy that, but if they’re going to use meta data, let them have at it I say. Besides that, it looks like Facebook is going ape because apple will be putting a feature in to IOS that will allow us to tell apps to identify us by our tracking ID. Mr. Zuckerberg says that it is apple dominating the ecosystem and if I could read between the lines during the interview of that episode, he’s not too happy as it hurts their bottom line. The person interviewed indicated that it is about time, and it has been in the works for awhile, even though Facebook and others may say that it is because of January 6, 2021’s event that sparked this.
  • Security Now, podcast 804 has a ton of stuff that might be of interest to listen to. The very first segment talks about security certificate authorities and the latest one Camafirma, being knocked off the list by Google Chrome starting with release 90 which will be released in April 2021. According to Security Now, there are multiple issues which the company said they’d fix between 2017 and 2020, yet, they were never fixed. Please listen to the Security Now program numbered 804 for complete details on some of what was wrong. Through the years, the technology podcast as well as Security Now have mentioned and talked about other authorities misbehaving. Even Symantech, the makers of Norton, sign certs and failed at times. Its ok to make a mistake, but being a security certificate signer is a privlage, not a right.
  • A company I’m not familiar called Nox, who makes some sort of player, may have been compromised with updates that were malicious in nature only making it out to a subset of its customers. The company says there is nothing wrong, according to Security Now, so people who use this player better do their due dilligance and make sure their device from this company is not infected.
  • Sans News Bites is reporting that school districts can get some help with their cybersecurity. The blurb from the newsletter says: “IBM has announced a $3 million grant program to help US school districts protect their systems from ransomware. IBM will award $500,000 in-kind grants to six school districts, which will be chosen through an application process. The applications opened on February 4 and close on March 1, 2021. Teams from IBM’s Service Corps Program will ‘help [the selected schools] proactively prepare for and respond to cyberattacks.’” Let’s see what happens! Sans News Bites links to multiple articles; see the link to the newsletter on the blog.
  • According to The Cyberwire Daily, Feb 4, 2021: Zoombombing is being done by high school and college students who are bored and want to “piss off the teacher.” It may not have started that way, but the Cyberwire says that most of the problems now are with the kids.


The Security box, podcast 30: Domain discussion, a talk segment, news, notes and more

Hello everyone! Welcome to the tech podcast as part of 986 the mix entitled The Security Box.

For those who don’t know, this is a weekly show on the Independent channel of the Mix’s suite of servers, and we have multiple ways of listening to the server if you wish. Please go to the Magnatune and independent channel page to learn about it and ways to listen.

The technology blog has had the program up since shortly after the program aired, but I neglected to get the show notes up on the blog, which this post will now cover.

Don’t like RSS because you can’t use it, or would you rather have the file on your computer? No problem! Please download the 162.57mb file, and I hope you enjoy the show as much as I have bringing it together for you!


Now, without any further ado, let us give you the extensive show notes for this episode and we’ll see you on another edition of the program!


Welcome to podcast 30 of the Security Box. On this Security Box podcast, the goal is to talk about domains. We’ll talk about what a domain is, how they work, a little bit about the IP system, and some recent news in regards to domains, registration companies, look-alike domains and more. We’ll have news, notes, questions, comments and Michael in Tennessee with a segment to boot.

Domains discussion:

Domains are used instead of IP addresses so people can get to web sites more easily. Instead of going to 198.x.x.x to get to my web site, you go to my domain name. You can easily get the IP where my domain is located by pinging or tracerouting the domain.

In the following example, I pinged my domain, and the next line shows my current IP.
Pinging jaredrimer.net [198.37.123.246] with 32 bytes of data:

Since the site is up, I got 4 replies (not shown here) and it returned me back to the prompt. Since multiple domains can live on one IP, just typing the IP into your browser will not give you the web site you want, and I’ve not been able to figure out how to do this without typing the domain name I want, such as jaredrimer.net.

According to the Wikipedia page on the domain name system, it goes back to the Arpanet days in the 1970s. The Stanford Research Center (SRI International, as it’s now known) maintained a hosts text file that pointed to different domains in the .edu era, which was the first domain system for that time. Elizabeth Feinler developed the first directory on Arpanet. She had to be called during business hours and would manually update it. Jon Postel would also work with her, as he was at USC’s Information Sciences Institute, as it was known then. Elizabeth came up with the DNS and the WHOIS directory, as well as basing domains on the location of the computer. There’s more to this, so read the link to DNS for complete information.

Now the fun part. The DNS system and domains were not built with security in mind. With that in mind, phishing for passwords started in the late 80s and early 90s, as we discussed in earlier podcasts. Now domains can be taken over (phishers and scammers can take domains over by social engineering), sub-domains can be created anywhere in the world, web sites can be taken, and more.

Domains must be registered with companies that can provide services for pointing domains to wherever the owner wishes them to go. Rules are in place to make sure that certain domains go in certain locations, that material suited for adults is labeled as such by the content creator, and that valid, accurate information is given, whether it is public or not. ICANN is responsible for IP allocation as well as the rules governing domains as outlined above. Registrars must be accredited for following rules set forth by ICANN. There are large companies, small companies, and medium sized companies that may sell domains through their services. One such registrar is Net 4 India. They’re looking at getting in trouble for some pretty serious stuff, and you can read more through ICANN. I found this when making sure I had the right URL to ICANN for the show notes. They may not remain a registrar if they do not comply with what is asked of them.

One large registrar is named GoDaddy. They’re based here in California, and while they’ve had their issues, they seem to be very credible and honest. People can choose who to have as a registrar, and that is all well and good. Recently, they have helped out with the Solar Winds fiasco that has plagued us since early December, but in November, an article came out saying that they were tricked into letting attackers take over domains, including the big-name site escrow.com. In this case, a site called liquid.com, which is part of a network, was incorrectly given to an actor who then got access to other document storage. This isn’t the first time GoDaddy has been in the news, and the article linked here, entitled GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services, should be read for the entire story of this ordeal. I’m sure this can happen to anyone, even if you have two-factor and proper security measures in place. There are items within your account to prohibit transfers without your knowledge, but this can be bypassed by customer service in cases where it may be necessary to do so, such as law enforcement takedowns or other situations. Besides liquid.com, other sites may have been mentioned within this article which I’m not going to cover in these notes. The article linked here is coming to us from Krebs on Security, and is a great read in its own right.

One of the things we continue to see is phishing, and all kinds of things including what is known as look-alike domains. What is a Look-alike Domain? is the article title. Under “Anatomy of a Look-alike Domain”, which is one of many headings within this article, it says:

Domain names act as a map to tell browsers and other applications how to find what we’re looking for. Explaining the full structure of domain names and their hierarchy is more complex than this, yet here are the basics:

There are three bullet points within the article I want to discuss.

  • The top-level domain portion on the far right can identify the location where the domain registrant resides, their organizational purpose, or even the industry of the business that registered it.
  • The second-level domain section is the address name and unique identifier often manipulated to impersonate domains used for legitimate purposes. They enable our computers to find the server where a website or email is hosted.
  • A subdomain is a part of the domain that helps registrants organize a website into different sections or categories. Subdomains can also be used to create look-alike domains. Example: phishlabs.000webhost.com.

According to the article:

The process is inexpensive, and threat actors will see a large return on their investment if they know what they’re doing and move quickly to evade detection.

As discussed earlier, domains can be cheap to buy, and now we’ve got a bigger problem with domains that look similar to something you might have seen elsewhere. Take the Apple emails, for example. Please check out this article for complete details on this, because it is quite a lot to talk about.
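The three-part anatomy the article describes can be turned into a simple triage check against your own brand names. This is an added example, not code from the PhishLabs article or from this post; the allowlist of brand domains, the short public-suffix table and the confusable-character map are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed allowlist of the brands' real registered domains (assumption:
# a defender would keep their own organisation's domains here).
KNOWN_GOOD = {"apple.com", "paypal.com", "phishlabs.com"}
# The brand tokens we watch for, derived from the allowlist.
BRANDS = {d.split(".")[0] for d in KNOWN_GOOD}

# A few multi-label public suffixes so "example.co.uk" splits sensibly.
# Real tooling should use the full Public Suffix List; this table is a stand-in.
MULTI_LABEL_TLDS = {"co.uk", "org.uk", "com.au", "co.jp"}

# Character swaps commonly used in look-alike names: a digit or symbol
# standing in for a letter, or a hyphen breaking up the brand word.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "|": "l", "-": ""})


def split_domain(hostname):
    """Split a hostname into (subdomain, second_level, tld).

    These are the three parts of the article's anatomy: the TLD on the far
    right, the second-level (registered) name, and everything to its left.
    """
    labels = hostname.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError("not a registrable domain: %r" % hostname)
    n = 2 if len(labels) > 2 and ".".join(labels[-2:]) in MULTI_LABEL_TLDS else 1
    tld = ".".join(labels[-n:])
    second = labels[-n - 1]
    sub = ".".join(labels[:-n - 1])
    return sub, second, tld


def _normalise(label):
    """Undo the common character substitutions before comparing to a brand."""
    return label.translate(CONFUSABLES)


def lookalike_findings(hostname, threshold=0.8):
    """Return the reasons a hostname resembles a protected brand ([] if none)."""
    sub, second, tld = split_domain(hostname)
    registered = second + "." + tld
    if registered in KNOWN_GOOD:
        return []                 # the brand's own domain, whatever the subdomain
    findings = []
    norm_second = _normalise(second)
    for brand in BRANDS:
        if norm_second == brand:
            if second == brand:   # e.g. apple.net: the brand under another TLD
                findings.append("brand %r under unexpected TLD .%s" % (brand, tld))
            else:                 # e.g. paypa1.com: digits standing in for letters
                findings.append("label %r is brand %r with confusable characters"
                                % (second, brand))
        elif brand in norm_second:  # e.g. support-apple.co.uk
            findings.append("brand %r embedded in second-level label %r"
                            % (brand, second))
        elif SequenceMatcher(None, norm_second, brand).ratio() >= threshold:
            findings.append("second-level label %r resembles brand %r"
                            % (second, brand))    # e.g. aple.com
        # The article's subdomain case: phishlabs.000webhost.com
        if sub and brand in _normalise(sub).split("."):
            findings.append("brand %r used as a subdomain of unrelated %s"
                            % (brand, registered))
    return findings


def triage(hostnames):
    """Map each hostname (say, from mail or proxy logs) to its findings."""
    report = {}
    for host in hostnames:
        try:
            report[host] = lookalike_findings(host)
        except ValueError:
            report[host] = ["unparseable"]
    return report


if __name__ == "__main__":
    # Constructed sample input, including the article's own example.
    sample = ["www.apple.com", "apple.net", "paypa1.com", "support-apple.co.uk",
              "aple.com", "phishlabs.000webhost.com", "localhost"]
    for host, reasons in triage(sample).items():
        print(host, "->", reasons or ["no finding"])
```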

Next week, we’ll talk about the APWG quarter 3 report on phishing and what criminals are looking for. We’ll also talk about more look-alike domain stuff coming from Phishlabs. For now, if you want to take a peek at the APWG report, read APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS and leave your thoughts on it. That article came out in December 2020.

Segments:

Michael in Tennessee is on to talk about Facebook, apps, updating phones and other odds and ends. The segment is roughly 50 minutes long.

News, Notes and more

  • Security Now, podcast 803, talks about a railway in China. I remember hearing something about this, but they were running on Flash. I guess the Chinese railway did not know that there was a timebomb in Flash, which halted the railroad for half a day. Good thing I didn’t write or learn Flash; it seems like it was more of an inaccessibility problem for the disabled with screen readers until elements were made accessible. Time to get rid of it; it isn’t useful in today’s environment. Security Now goes into other agencies that might be affected by Flash’s demise. Good-bye, Flash.
  • In the same episode, Steve and Leo talk about the ransomware attacks becoming a big problem. We already know that, but according to the episode, actors may deploy a prolonged Distributed Denial of Service attack (DDoS) if you don’t pay. This was employed by two ransomware gangs, Suncrypt and Ragnar Locker. Think this is a huge problem now? If I didn’t pay because I couldn’t afford it, they’d keep my website offline by attacking it until I decided to pay? What else is next?
  • Also in this episode, Steve goes into great detail from about 47 minutes in till about 70 minutes in, talking about the Solar Winds breach and the fact that the actors may have started as early as February 2020. They turned off logs when they wanted to do something, turned them back on when they were done, and carefully, painstakingly, made sure they covered their tracks. Teardrop and Raindrop are just two of the malware variants that were used. Also disclosed was the fact that they removed the malicious DLLs from Solar Winds in June 2020 after they got their targets. The segment is worth listening to, and the episode itself is full of items you might find of interest.
  • Emotet and other gangs have been dealt setbacks, with some loss of members. Emotet, NetWalker and TrickBot have taken big blows, but will it be enough? was written by Cyberscoop, and International Action Targets Emotet Crimeware is a second article. A third article on this, Sharp Increase in Emotet, Ransomware Droppers, should go here because while the gangs are being depleted, this stuff is being used as a backbone for other malware. Researchers are still checking out what is happening, and we’ll see how things go. Read the articles linked here, and continue to check out the blog for more.
  • valid.cc is one of many sites shuttered, according to an article written by Krebs on Security. ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered is the title of this article.

    ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure.

    There are many types of shops out there that sell card not present data, but most source the data from other criminals in the business. The article is pretty detailed, so check it out.

  • This is some great news, U.K. Arrest in ‘SMS Bandits’ Phishing Service is the article.

    Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.

    If we can slow these guys down, that’s great. Keep up the great work! I just got a message that a package with a tracking number beginning with 1Z, which was supposed to be a FedEx package, was delayed. I already know the link is not what it claims to be. I have no packages for delivery at this time. Want to try again?

  • The tax man will be coming around to collect payments for this past year, but a Krebs on Security article is talking about ID theft as part of tax time. The Taxman Cometh for ID Theft Victims is the article, and it’s time to repeat this again. There are a lot of links within the article, so quoting anything here is impossible. Check out the article; it’s worth the read.
  • If Solar Winds wasn’t talked about enough, an article entitled After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case should be read. The first paragraph says:

    As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago.

    I’m surprised we’re still interested in that one, but I don’t believe we got any answers on it either.

  • This Week in Security News – Jan. 29, 2021 has tons of stuff, including parents saying yes to more screen time during these times, Sodinokibi being examined, another article on Emotet, fake Office 365 used for phishing attacks, CEOs being most valuable for phishing, three actively exploited zero-days, Linux not being out of the woods as threats are around for it too, and cybercriminals using SMS to send sweepstakes, credit card and delivery scams. As part of Michael in Tennessee’s segment, I mention this.
  • Going back to January of this year, shell scripts are being used to steal cloud credentials. Malicious Shell Script Steals Cloud Credentials is the article, and maybe it’s time to bring this up as part of news notes. The subhead says: “In past cryptocurrency mining attacks, malicious shell scripts were typically used as downloaders. However, recent cases show that they now serve other purposes such as stealing sensitive data.” This is definitely worth the read.
  • Parler was shut down some time ago, and a denial of service protection company is giving up IP space belonging to them. In the article DDoS-Guard To Forfeit Internet Space Occupied by Parler we learn why. One paragraph written by Brian says:

    The pending disruption for DDoS-Guard and Parler comes compliments of Ron Guilmette, a researcher who has made it something of a personal mission to de-platform conspiracy theorist and far-right groups.

    This was definitely a very interesting read.

We hope you enjoyed the program as much as we have bringing it together for you. We know there were a few tech problems; they’ll be worked on. Not sure what is up, but it’s just strange sometimes. See you on another edition of the box next time.


The Technology podcast, podcast 359 for January 29, 2021

The technology podcast was posted to the RSS feed yesterday, and this is the download for the podcast. It’s an hour, and covers several different things.


Welcome to podcast 359 of the technology podcast. I’m Jared, and it’s time to bring you another podcast.

Today, we’ve got something I think you’ll be interested in, as I talk about something that has been around a while that seems to be finally dismantled, at least for now. What might that be? It’s called Trick Bot. I heard a podcast about it and how it has pretty much fallen, but yet it’s still around, according to an article I’ll be talking about and reading later.

Next, I talk about Weather Gods. It’s one of many different apps on the app store. I posted on the tech blog and on Applevis in regards to this topic, and I chose this app because of my needs, and because of something I feel isn’t fair, which I call double extortion. There is a paid app, and then they want us to pay for a subscription for features I can get either by beta testing or by paying for the subscription. Thoughts are welcome.

Finally, could Net Neutrality be coming back? According to a podcast, it might be, and I talk about it here instead of the security box.

Contact info is at the end of the program as usual.

What to read or listen to:

Thanks for listening!


The Security box, podcast 29: messaging applications, cloud security, news, notes and more

Hello folks, welcome to the security box, podcast 29. While the show notes have the topics on hand, the show notes on the RSS did not cover any of the news notes items.

Don’t want RSS? No problem! Here is the download of the program (147.07mb) for you to have.

Now, without further ado, let’s get those show notes out for you.


Welcome to the security box, podcast 29. On this episode of the podcast, what seems to be the problem with messaging applications such as Whatsapp, Signal and others when it comes to their security? What do you think of for cloud security for 2021 as the pandemic continues? We’ll have news, notes, questions, comments and more including bits from Sans News bites, Trend Micro and more.

Topics

  • Security Now episode 802 was released and broadcast the week of January 19, 2020. On this podcast: are we really concerned about what application we choose to use to message? Steve says that it honestly doesn’t matter, as metadata isn’t all that big of a deal. Who really cares about phone numbers, times of messages, and even how long audio messages may be? There are apps discussed for more private communication, but metadata doesn’t cover the content of the message itself. From Steve’s introduction, taken from his Security Now page, he writes in part:

    Then we wrap up by looking at various aspects of the frenzy caused by WhatsApp’s quite predictable move to incorporate its users’ conversation metadata into Facebook’s monetization ecosystem.

    This segment lasts roughly 20 minutes as I play the segment for all to hear. What do you think about this?

  • What about cloud security for 2021? The Top Worry In Cloud Security for 2021 is the Trend Micro article, and I found a video on their YouTube page that seems to voice the article. We’ll play this video and we’ll discuss. Cloud Dynamics: Top Cloud Security Challenges for 2021 is the video. Your thoughts are welcome.

News notes and more

  • Cyberwire Daily for Friday, January 21st is talking about an Android app called “daily food diary.” Apparently, this app doesn’t just care what you’re eating, as you are to take pictures of what you’re eating, but it wants contact permissions, phone call permissions, foreground permissions, runs in the background, exfiltrates data, and more. Check out the thecyberwire.com web site for more and for a link to the episode. “I can’t believe I ate all of those fries the other day” should probably not be written in this app, but in another application.
  • The Cyberwire Daily reports that Malwarebytes, a company talked about quite a bit on Andy and Josh’s tech talk and music show, recently got bit by the actors that may have been responsible for the Solar Winds breach. According to Cyberwire, the actors may have gotten to some of Malwarebytes’ email through Microsoft 365. Malwarebytes does not use Solar Winds products, the podcast states. UNC2451 is the name given, according to the podcast, and it seems to be the name of a particular group. This link goes to the show notes for the podcast I’m writing about.
  • There’s always plenty in the news notes sections of Trend Micro. Some may include articles on APT attacks, an article on Malwarebytes and their compromise by the supposed Solar Winds folks, VPNFilter and how it is still being used as routers are still compromised, a phishing scam that left thousands of passwords searchable through Google, a bug in Signal and other apps that allowed attackers to listen in to calls, CISA warning about hackers using phishing to get at cloud services, and more. If there is something that is of interest to you, I’ve got this week’s news, the week ending January 22, 2020. Here’s the link to the article for you to peruse.
  • In a very interesting turn of events, we learn that someone who was to be released on Covid concerns will not be released. On the 22nd, I read an article that indicates that a hacker must stay behind bars, even though a judge said that he would be released due to Covid concerns within the place he was staying. He was also charged with new charges. The hacker in question stole personal data on 1300 U.S. military and government employees and gave it to an Islamic State hacker. The person’s name is Ardit, according to the article. The new charges, according to the article, stem from activity he has done behind bars. There’s more to the article; read it, as it is entitled: New Charges Derail COVID Release for Hacker Who Aided ISIS. This article was written by Brian Krebs. I found this interesting. Another article on the same story is After judge orders release of hacker tied to ISIS, US says ‘Not so fast’, which was written by Cyberscoop’s Jeff Stone.
  • A health insurer, Excellus, was penalized $5.1M by HHS for a data breach. According to the article, the $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), which is a good start in protecting our data, but I’m sure it isn’t enforced. We’ve had too many breaches in the health care industry, and it’s time to send a message to health care that our data is important. Health insurer Excellus penalized $5.1M by HHS for data breach is the article, and I think it should definitely be read.
  • Rob Joyce is now the new NSA cybersecurity director, according to an article written by Cyberscoop’s Shannon Vavra. He replaces Anne Neuberger as director of the agency’s cybersecurity directorate. Anne will be joining the Biden team according to the article. For full details and links to other items, why not check out the article Rob Joyce named new NSA cybersecurity director for full details?

Thanks so much for checking out the program, and I welcome your questions, comments and concerns! Let’s talk.


The Security box, podcast 28: 2020 year end reports, teledildonics, news, notes and more

Hello folks, welcome to the Security Box for this week. This week’s show is packed and we’ve got the entire show notes for you. The RSS got the show the same day, and it got a bit of the show notes, up to the news notes.

News Notes is where I try to be thorough, covering with links to various stories where possible. I could not get this into the notes for RSS; however, it’ll be available on the blog, as we have unlimited space for the blog.

You tell me that you don’t want to mess with RSS? Please don’t worry. I’ve got you covered with the download of the file (172.62mb).

Now, without any further ado, let’s give you those show notes so that you can read anything that is of interest. Thanks so much for checking out the blog, podcast series, and my web sites!


Welcome to podcast 28 of the Security Box. On this podcast: a couple of year-in-review items, something called teledildonics or “The Male Chastity Cage” from a recent Security Now podcast, news, notes, questions, comments and more.

Topics:

News, notes and more

  • One of the biggest carding shops to date will be closing its doors come February 15th, 2021. Some of the reasons why it is closing are: poor performance on up-to-date value cards, the government shuttering some of their domains, and an apparent COVID-19 diagnosis of the owner of the shop. According to the article from Krebs on Security, the shop has been around for 6 full years. Most notably, some of the high-profile breaches whose valuable credit card data this shop sold include: Saks Fifth Avenue, Lord and Taylor, Bebe Stores, Hilton Hotels, Jason’s Deli, Whole Foods, Chipotle, Wawa, Sonic Drive-In, the Hy-Vee supermarket chain, Buca Di Beppo, and Dickey’s BBQ. According to Krebs, those who got in early will be able to cash out, while most will need to cash out before closure on February 15th. Both articles cover this well, with links to various other stories, and the tech blog will have this covered as well. Joker’s Stash Carding Market to Call it Quits from Krebs on Security and Joker’s Stash, a forum for stolen data, says it will shut down within 30 days from Cyberscoop should be read, and you can decide which article you like.
  • Did you get your Windows update on? Microsoft Patch Tuesday, January 2021 Edition and January Patch Tuesday Repairs Critical MS Defender RCE Bug should be read. MS Defender always gets updates, so this should already be patched, according to the articles. This month, there are 83 updates; 7 of the 83 were reported by Trend Micro’s ZDI project.
  • The vulnerability summary email I get might have things that pertain to you, one being mentioned by them for Dell. The Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). If you have this, call Dell to get an update link or information on how to obtain it. There are also patches for Android and Chrome listed in the high severity list. Here’s CISA’s writeup for people to see.
  • Have you read This Week in Security News for the week ending January 15th, 2021? There’s quite a bit in there, including some items we’ve also covered. You can consider this a digest of news each week, and usually I post these to the blog. Since I hadn’t been feeling well, some of this stuff is being posted to the blog for the first time. This Week in Security News – Jan. 15, 2021 is the article; did you find something of interest?
  • Mimecast had some certificates stolen, and there may be a link to the Solar Winds breach, according to the article. Mimecast breach investigators probe possible SolarWinds connection is the article, and well worth the read. If you’ve been affected, Mimecast has hopefully already contacted you by now, but if not, do contact them for assistance.
  • Krebs on Security says that if Solar Winds got breached as badly as they did, this can happen to anyone. I’d hate to find out that Microsoft got breached that badly, and all of Windows was compromised. SolarWinds: What Hit Us Could Hit Others is the article from Brian, and it’s definitely worth the read. It’s all about the supply chain.
  • Ring adds encryption to their product for video feeds between your camera and your app. Some may say that this is a little too late, but sometimes you don’t think about such things. Ring has been in the news for varying reasons, hopefully this will help. Ring adds encryption tool as other security questions surface is the article talking about this if you are a customer. If not, you might want to read it anyhow, because if you’re considering being a customer, this will be of importance to you. Ring is an Amazon product.
  • You’ve probably heard about Signal and the pain they had when an influx of customers left Facebook and went there. The reason is that Facebook was going to collect metadata like phone numbers, how long messages were, and contacts, just to name a few. This is common practice; even the phone companies do this when you place a call. Since Facebook has my cell phone number for my account already, I honestly don’t see this as a problem. Signal endures ‘technical difficulties’ amid new popularity is the article; things hopefully will be returning to normal really soon.

Thanks so much for listening, please contact me throughout the program with questions, comments and concerns. We’d love to hear from you!


The Security box, podcast 27: Breaches of the last year, security predictions, news, notes and more

Hello everyone, the RSS feed has had the podcast for at least a day now. Today has been a bit draining; although I felt great when I woke up, I just didn’t have a whole lot of energy as the day progressed.

That being said, I did listen to my daily podcast, and there has been news that came out of that, and of course Trend Micro came out with other news I have not read. Some of this will be covered in the next podcast, but this podcast does have some interesting topics today.

The RSS does have a lot of the show notes, but I like to be as detailed as I can with the show notes so we’ll have them here for you.

You tell me that you don’t want to deal with the RSS because you don’t have a reader, or you just don’t want to learn? That is OK. Get the 169.67mb file by clicking on the link or pressing enter.

Here are the show notes for this program, and thanks for listening!


Hello folks, welcome to the security box, podcast 27. Trend Micro has a report they do each year talking about the trends of the next year, and it’s worth talking about. Did you know about any of the breaches of the past year? We’ll go through that thanks to Solutions Review, as well. We’ll have news, notes, commentary and more, and even a guest to boot if everything goes well. Thanks so much for listening, and make it a great day!

Topics:

  • The security predictions from Trend Micro are always something fun to read. We’ll talk about some highlights that might be of interest, and of course, we’ll take questions and comments in regards to this. You can read the article entitled Takeaways from Trend Micro’s 2021 Predictions to learn more. I also posted a blog post with my thoughts on this one, and it’s available for everyone to read.
  • Are you aware of the biggest breaches of the year? There is a post with videos and text, and we’ll talk about this. Ben Canner, a follower of mine on Twitter, tweeted out Solutions Review Presents: The Top Data Breaches of 2020, and boy, is it something I think we should cover.
  • Cyber Wire Daily has what they call Research Saturday. This is a link to January 9th’s episode on Emotet, and I will be summarizing this as part of this week’s program. There is a link to read the show notes, and thanks to Overcast for providing a link to the episode; I think it’s worth sharing.

News Notes:

I think we’re going back to the original format that we started with; it’s much easier to maintain it that way. If you liked the other format, please let me know.

  • According to Cyberwire Daily, a podcast, President Trump was removed from Twitter for several days, as well as removed from Facebook until he leaves office. The Washington Post may have an article on this, as they cite the Post as being where the reports of him being kicked off came from. The January 7th program talked about the fact that President Trump urged people to show their displeasure, although a tweet said to do it peacefully. It made no difference, as people demonstrated and caused problems on January 6th and caused the recount to be delayed. It was resumed later in the evening, and president-elect Joe Biden was confirmed. Facebook bans Trump indefinitely; risks ‘simply too great,’ Zuckerberg says and Facebook, Twitter act on Trump’s false messaging after violence at Capitol should be read in regards to the latest on this ordeal. These two articles were read after listening to the podcast.
  • This Week in Security News – Jan 8, 2021 has quite a lot of articles, some of which I had meant to cover but hadn’t had an opportunity to blog about.
  • Russian man sentenced to 12 years in prison for massive JPMorgan data heist is a bit of good news after a long bout of wondering if we are going to get some good news. While I published some good news recently, 2021 has gotten off to a great start with this one. This J.P. Morgan breach was the biggest to date at the time, but Solar Winds today tops that. This was well orchestrated, and you should read this.

Things to ponder:

  • Have you ever heard of Swatting? The tech podcast covered swatting and technology and things before, but swatting and Internet of things? Security Now episode 800 covers this in a 9 minute segment which I introduce, making the segment over 12 minutes long. Do you really have your security settled?


The Technology podcast, podcast 358: Stripe demo, terms of service violations, and a very interesting dark net diaries podcast

Welcome to podcast 358. The RSS has the program up for you. Here are the show notes for this program.


On this edition of the technology podcast, a Stripe demo for you on their app. Also, people getting away with blatantly violating terms of service. Finally, Dark Net Diaries had an episode on the darknet and someone who got caught in the crosshairs of the law because they bought and sold drugs on the underground. I hope you all enjoy the program. This program lasts 84 minutes. Enjoy!


The Darknet Diaries podcast can be found by going to dark net diaries on the web.

Don’t have or want to deal with RSS? No problem! Here is the 76.99mb file for you to download.

Thanks so much for listening, and we’ll see you again on the next edition of the program!


The Security Box, podcast 26: Solar Winds, apps for spyware and more

Welcome to the security box, podcast 26. We have a 229.68mb download and our RSS to boot.

You can search my name, Jared Rimer, to get my podcasts on Apple Podcasts, Overcast and others if you wish. I checked it out in Overcast, and both this one and my internet radio program are available.

Since this is a blog post in regards to the Security Box, we’ve got lots of notations that were not included in its RSS, so I guess it’s time that I put the whole show notes out there for you to read since I pointed people to the blog there.

Here are those notes.


Hello folks, welcome to the security box, podcast 26.

Topic continuing:

The topic of Shaken and Stir will get its wrap-up from podcasts 21 and 23.

This should be the last of this as we don’t have far to go with it.

Things to ponder

  • I can’t believe that we are talking about spy applications that could spy on people while they use their phone. There are applications for Mac, iOS, Android, Windows Mobile, Windows PC, Symbian, HTC and others.

    Some of the most famous examples of these monitoring applications are iSpy for iOS and Freezy for android phones. Other examples include SpyFu for Mac, Rxected for iPhone, logger for Blackberry, Cloner for Windows Mobile, GoArtical for PSP, CoolMobile for Windows Mobile, MyTrace for iPhone, MyTrace for Android, MyTrace for PC, Sonar for Symbian, ATOM GPS for HTC, ATOM GPS for Windows Mobile and PC.

    Are you a parent, and what do you think? The article is well written and I’m not bashing the article, nor the web site, but rather the practice of using such an app, since children can find these apps if they think they’re being tracked. What about the web site practices? From koolwebsites.com, we have: Watch Your Kids with Mobile Spy Apps is the article and I hope this sparks some discussion. A blog post from the tech blog with comments is also available to you.

News Notes

Arrests

  • We start off with some good news in the arrests department, where 21 people from the UK and other places were picked up for using stolen data from a now defunct site called WeLeakInfo. Besides learning about these 21, we learn about others too. Quoting the article:

    “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. … “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming months.” “As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”

    Let that last one sink in a little bit. Article: UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

More News Notes

  • Boy, Ticketmaster sure does seem to be the bad guy. They ended up paying $10 million because they illegally used passwords they obtained from former employees of another company to see what they were up to. Is this the right punishment for such a big company who sells tickets to many different types of events? Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and boy is this big.
  • I have some security news coming out of the United Kingdom in this blog post which might be of interest to people if they haven’t seen it already. The article talks about WeLeakInfo and Cyber Scoop does a good job covering this one. I put it under arrests for more info, but my blog post does have other odds and ends on it too.
  • The blog has plenty of news on Solar Winds and I even have a three part article which you can go find. I know we’re not done with that.
  • Travel Booking company pays out money for 2016 breach was talked about on my blog, and boy was it a big headache for the travel company.

Want to comment? Feel free to get in touch! Contact information is throughout the program. Thanks so much for listening!


Podcast 24 of the Security Box additional notes

While I was looking at stuff to prepare for this week, I found that I had done show notes for podcast 24. I’ve replaced my copy of the notes I released at the time of that podcast release.

I did want to bring some good news in to the podcast, as well as linking to some of the Solar Winds stuff.

This post is only to update the shownotes, nothing else has changed. Go to the podcast section of the blog and find the first entry of podcast 24 if you need a link for downloading.


Welcome to program 24 of the Security Box. While the program is not a live program, we’re going to continue to give people up-to-date material that is of importance while we look back on the year in review. All news will be broken up, but we’re only linking to stories in the sections, we are not going to comment on each one like we do for the live show. The tech blog may also have articles with more commentary. Hope you all enjoy the program as much as I have putting it together for you.

Solar Winds:

Solar Winds is now the biggest topic. While the tech blog has commentary in writing, we’re linking to things as a resource so you can see them when the podcast is released. In this podcast, I only have one segment, so the articles will be of value and you can decide what to bring up once we return to the airwaves for our live shows.

Good news:

This section will cover anything in the good news department, we need more of it don’t you think?


Thanks again for listening, make it a great day!


The Security Box, podcast 25

Thanks so much for checking out the Security Box if you listened on the Independent channel while we took the time off.

The RSS feed should have the file as we scheduled it to be released about now. Don’t want to deal with RSS? Download the 148.90mb file and enjoy.


Show notes


Welcome to podcast 25 of the security box. This podcast was compiled on Christmas day, but was released on the 30th of December. On it, we go through podcasts 341-357 of tech, playing a few segments which were also covered on this podcast like catphishing, some of the security items throughout the year from the blog, and even other highlights. We also highlight the Security Box and some of what we covered in its podcasts, including two interviews. This podcast is 167 minutes and is the last of the two podcasts before we resume the first week in January. Hope everyone enjoys the lookback, and thanks for listening!



I’ll be back with a live program next week. Thanks for listening!


The Security box, podcast 24: The breach that is, year end review part 1

Hello folks, welcome to the podcasted version of the Security Box. On this version of the show, we’ll be covering the biggest breach to date. We also have our year end stuff which we look back on the podcast coverage on the year that was. Here are the notes for this show.


Welcome to podcast 24 of the security box. This is a full podcast, as we’re on a two week break. Here is what we have for the podcast.

  • The biggest item that we have in the podcast is the biggest breach in the Solar Winds fiasco. We’re still learning, check the blog for more. Here is a blog post to get you started with the whole fiasco, but there is definitely more.
  • Podcasts 333-340 are covered in different segments throughout the year in regards to what has happened throughout the year. We’ll continue it next podcast.

The podcast is a little over 2 hours including our final track. Thanks so much for listening!


Don’t want to deal with RSS? No problem! Here is the 114.41mb file for you to digest. Thanks so much for listening!


Technology podcast 357: the last tech podcast of 2020

Welcome to the final technology podcast of 2020 for the tech podcast series. Don’t worry, I’ll be working on more podcasts for this series.

Here are the show notes for today’s program.


On this edition of the podcast, the final podcast of 2020, we’ll demo Weather Underground. I wanted to do two demos, but I think one is enough. I hope you’ll enjoy it. AppleVis has a post in their directory of apps about Weather Underground – Forecast which was written up. While I do like the app, I believe the person writing this has the same points I do. I do find it accurate, but there are definitely some accessibility issues which you’ll hear about in the demo. The Security Box will have other podcasted content, so the feed will still be going strong in 2020. On podcast 358, I hope to have another demo of something I learned about, an app that’ll assist me with billing credit cards. See you all then!


Don’t want to mess with RSS? Don’t fret! Download the 48.57mb file as this show is under an hour this time. Thanks so much for listening, and continue to watch the blog for more.


The Security box, podcast 23 is now available

Hello folks, I present you the security box, podcast 23. Below, please find notes and things, the show notes, and a direct download link as usual.


Welcome to podcast 23 of the security box. The full show notes follow, noting that the RSS has the first portion. I hope that you enjoy the program.

Note, that this is the last live program until the first Wednesday of January 2021. The JRN will continue to give you Security Box episodes covering the year in review, 2020 from both the tech podcast and Security Box platforms.

Here are the show notes.


Welcome to podcast 23 of the security box. Picking up where we left off, we continue with Shaken/Stir and its discussion from podcast 21.

Besides that, we’ll go ahead and talk about a company which doesn’t really care about the security of its customers. The name has been mentioned in passing, but now it’s time to talk about some very serious stuff on a podcast.

We’ll have news, notes, and more.

Topic:

Shaken/Stir was discussed on podcast 21 of the podcast, and podcast 23 will finish it off. Here are the links, taken from podcast 21’s notations.

News Notes

Government:

  • Oh boy, the government is really in trouble. Multiple articles within the last 24 hours indicate that the Commerce Department is in some serious trouble and maybe more are on the way. Cyberscoop and Krebs on Security are two sources, and there may be more from these sources. The government has had a lot of trouble with their security, now this? The Cyberscoop article in question says in part:

    Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday that they were fighting to contain.

    There were signs that the impact could stretch far and wide in not only the government, but also the private sector. SolarWinds, an IT provider to many government agencies and Fortune 500 companies, said it was working with law enforcement, the intelligence community and others to investigate a vulnerability apparently implanted into its supply chain by a nation state.

    “We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.”

    This blog post from Monday goes in to a little bit more, including showing who this company Solar Winds has as customers. We’re definitely going to learn more about this one.

  • The US-CERT now has something on the Solar Winds issue which I’m going to put in the show notes. It was released well after I broke the story Monday morning on the blog. Active Exploitation of SolarWinds Software may end up getting updated, and the US-CERT is an arm of the government.

You get caught, get time, and don’t try to get an appeal: some good news!

Open forum:

  • Why do we have to hand out our social security numbers as identifiers for everything we do? I understand places like Social Security, the Department of Motor Vehicles, and places that require that. Job applications require it, yet it’s known as a bad identifier since once it is taken, that is it for you. What do you think about that? Sound off.

Want to download today’s program? Don’t worry! Use this link to download the 193.60mb file and enjoy!

I’ll post another blog post after podcast 25 with the links to the entire archive to date like I did for the first 13 episodes. Thanks so much for listening to the program and feel free to participate any time!


The Security box, podcast 22: BEC, what is it?

I know that the blog hasn’t been touched in about a week, and I have blogging to do. The first blog post is going to be the show notes for the just completed security box which is available on the RSS feed. Don’t want to deal with RSS? Download the 167.05mb file and I hope you enjoy the program.

Here is the show notes which are short, compared to other notations.


Welcome to the security box, podcast 22 picking up the podcast with business email compromise.

Besides that, we talk about a couple of people who have been a problem in the phone world, tie it in to phone security, and find out if these guys would be capable of using such tech. Comments also came in about scams when looking for a place to live, and of course some tunes come along with it. Enjoy!
  • Delving into the World of Business Email Compromise (BEC)
  • Business email compromise


See you next week!


The Security box, podcast 21: The beginning of Shaken and Stir

Hello folks, the RSS feed had the podcast up yesterday, but it’s time to get the show notes up here. We’ve got quite a bit in the news notes category, as it was quite interesting what we found. There may be more coming soon that we’ve not blogged about, so feel free to check out the blog for more.

Download the Security box, podcast 21 (164.6mb)


Welcome to podcast 21 of the security box. This week, I thought it would be interesting to take you through the Shaken and Stir protocol. This protocol is supposed to make sure that the caller ID we receive can be trusted.

Below, please find resources that we found on the Internet for the Shaken and Stir protocol, and I’ll be working on braille material so that I have something in writing. We hope that you enjoy the program today.

Topic:

News Notes

Home Depot

TikTok

Ghosts in our machines

Breach News

  • A networking giant recently got owned, with data leaking out on their employees and business partners. Is your data just as insecure?

    Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners.

    The company is based in St. Louis, and they made over 2 billion dollars this past year. Wonder how much is going toward cleaning this up and what happened with them? Networking giant Belden says hackers accessed data on employees, business partners is the article for this one.

Ransomware

  • An article that finally talks about the fact that these actors aren’t quitting? I’ll have my full thoughts posted on the blog, but boy, why does this not surprise me that PhishLabs is finally saying this? I said it back in April. Ransomware Groups Break Promises, Leak Data Anyway is the article, and boy it’s a good one.

There may be more that I’m not going to post here in the notes, so make sure that you check out the blog and other sources for what may be of interest to you. Thanks for checking out the program as usual!


The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more

Hello folks, welcome to the Security Box, podcast 20.

First of all, we’ve delayed this and all other posts a day so people can enjoy the thanksgiving holiday and not be bombarded with postings on that day. Be that as it may, I present you program 20, with a few technical problems that I couldn’t help.

Be that as it may, the show turned out well I hope, and I hope that the topics given here are of interest.

Don’t want to deal with the RSS where the program was uploaded? No problem! Download the 206.75mb file by using this link.

Below, please find the elaborate show notes with links to all kinds of things, and I hope you all enjoy the program!


Welcome to podcast 20 of the security box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go more in to detail about PCIDSS and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.

These show notes are broken up in to segments, and even the news notes will look a little bit different. Let me know if you like these notes. I think it’ll be quite nice to do it this way.

Credit Card discussion:

We continue by talking about the credit card standard PCIDSS which is supposed to be followed. Last Podcast, I mentioned some items that I thought needed changing, but we’ll go through it all.

Apple VS Logging your application use:

  • In a turn of events, it looks like Apple is getting targeted for logging every application launch. According to an article which I also talk about on the blog, this isn’t the case. It looks like Apple has implemented something that has been talked about in the security field and podcasts like Security Now before called OCSP Stapling. In this podcast, we’ll talk about OCSP Stapling, and what it really means. You can also check out this write up Does Apple really log every app you run? A technical look and form your own opinion on what Apple is doing.

Things to ponder:

  • Michael in Indiana is along with a very good reason why we need to look at our credit cards and our statements on a regular basis. This file should be listened to as a security 101 lesson to all people.

News notes:

We’re segmenting these notes, let me know what you think.

Good News!

We’ve finally got some good news around here, that’s quite awesome!

  • We’ve got good news coming out of Krebs on Security and I believe Cyberscoop has this as well. Krebs is reporting that an Irishman who was part of a SIM swapping ring was picked up.

    A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

    It’s best to read the article in full detail because it’ll talk about what this is, who is involved, and how this is a big ring that has recently been picked up. The article is entitled Convicted SIM Swapper Gets 3 Years in Jail.

Government

  • Trump Fires Security Chief Christopher Krebs comes from Krebs on Security. I guess Mr. Trump isn’t too happy with the particulars of the election, and I understand his position. There may have been issues, but is there proof that the election issues this year happened because of foreign interference? I’m not too sure on that, we did cover the article that indicated Christopher Krebs said there wasn’t anything foreign, and I believe what he is saying. There could have been local things that have happened across the country, none of which happened over the Internet as far as I can tell. Another article dealing with Trump’s firing of Krebs is entitled Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation for your perusal.

Bug bounty

  • Steve Gibson has always said that one particular Project Zero member has found the ideas for his bug bounties by taking a shower, and now it’s a woman’s turn to do the same. Facebook Messenger Bug Allows Spying on Android Users is the article and Natalie Silvanovich, the researcher, must be given props for finding this and Facebook fixing this in over a month. She got $60k in bounty from this work.

Breaches

  • I can’t believe we have to go through this again. In the breach department, not only do we have a misconfiguration of an AWS cloud bucket, but even though one was made private, the large amount of data made available through the CDN is absolutely astronomical compared to the number of people that use said application. I’m glad the app is successful, but the app’s web site is not saying anything when contacted. From Threatpost: Good Heavens! 10M Impacted in Pray.com Data Exposure should be read, and this can’t be good. This is the worst I think that can happen to us as a nation, and we don’t know who these people are. Luckily, it was researchers that found it as far as we know, but what if it wasn’t originally?

Catch up:

  • OK, so Michael in Tennessee is along with comments on several different things including the aforementioned Google ordeal.
  • I touch more on the email I got (blog post) when Preston called in as part of the first segment talking about securing data and how the email said they had data. Don’t worry, I’ll still be blogging stuff throughout the weekend, and we’ll see how things go.

While the show had some technical difficulties, I think you’ll enjoy the program anyway. It’s going to happen, and we have to go along with it. See you on another edition of the program, next week.


Next week, we’re going to talk about something that I think needs to be talked about even though places like Security Now and others may have talked about it. I mention this at the end of this week’s program, you don’t want to miss it. It’s called Shaken and Stir, and it’s a very interesting protocol. We’ll take a dive in to it next week. Enjoy!


Tech podcast 356: The Braille Transcription course is a failure, a company getting in to trouble, Mac, IOS and more

Welcome to another edition of the technology podcast. The RSS feed has the podcast already, but I’ve been lackluster on getting things up as of late.

Want to take the downloaded 65.17mb file instead of subscribing to the podcast? No problem. Here is the 65.17mb link for you to have.

Here are the show notes.


Welcome to the tech podcast. Assignment 19 was a complete fail, and I know that I had a lot of failure but not all was my fault. You can search out this write up on the blog, but I talk about it here. Next, a company may be getting themselves in some trouble. Forget going to a hotel … especially since records go back to 2013 … were you affected is the blog post I wrote, are you affected? Next, JFW 2021 and Mac version 11 are out and I talk about both. Finally, I found some good news in the security field and I even have one more. Finally, a laugh and contact info at the end. Hope that you enjoy the program and I’ll see you all later!


I hope you enjoy the podcast! Thanks so much for listening.
