
The Technology blog and podcast




The Security Box, episode 20: PCIDSS, OCSP stapling, news notes and more

Hello folks, welcome to the Security Box, podcast 20.

First of all, we’ve delayed this and all other posts a day so people can enjoy the Thanksgiving holiday and not be bombarded with postings on that day. Be that as it may, I present you program 20, with a few technical problems that I couldn’t help.

Be that as it may, the show turned out well I hope, and I hope that the topics given here are of interest.

Don’t want to deal with the RSS where the program was uploaded? No problem! Download the 206.75mb file by using this link.

Below, please find the elaborate show notes with links to all kinds of things, and I hope you all enjoy the program!


Welcome to podcast 20 of the Security Box. On this podcast, we pick up where we left off from podcast 19 and the credit card discussion. We’ll go into more detail about PCIDSS and I’ll talk about the 12 steps we covered a bit of last week. We’ll also talk about other stuff including news, notes, and more.

These show notes are broken up into segments, and even the news notes will look a little bit different. Let me know if you like these notes. I think it’ll be quite nice to do it this way.

Credit Card discussion:

We continue by talking about the credit card standard PCIDSS which is supposed to be followed. Last Podcast, I mentioned some items that I thought needed changing, but we’ll go through it all.

Apple VS Logging your application use:

  • In a turn of events, it looks like Apple is getting targeted for logging every application launch. According to an article which I also talk about on the blog, this isn’t the case. It looks like Apple has implemented something that has been talked about in the security field and podcasts like Security Now before called OCSP Stapling. In this podcast, we’ll talk about OCSP Stapling, and what it really means. You can also check out this write up Does Apple really log every app you run? A technical look and form your own opinion on what Apple is doing.

Things to ponder:

  • Michael in Indiana is along with a very good reason why we need to look at our credit cards and our statements on a regular basis. This file should be listened to as a security 101 lesson to all people.

News notes:

We’re segmenting these notes, let me know what you think.

Good News!

We’ve finally got some good news around here, that’s quite awesome!

  • We’ve got good news coming out of Krebs on Security and I believe Cyberscoop has this as well. Krebs is reporting that an Irishman who was part of a SIM swapping ring was picked up.

    A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just
    under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft
    via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers
    control.

    It’s best to read the article in full detail because it’ll talk about what this is, who is involved, and how this is a big ring that has recently been picked up. The article is entitled Convicted SIM Swapper Gets 3 Years in Jail.

Government

  • Trump Fires Security Chief Christopher Krebs comes from Krebs on Security. I guess Mr. Trump isn’t too happy with the particulars of the election, and I understand his position. There may have been issues, but is there proof that the election issues this year happened because of foreign interference? I’m not too sure on that, we did cover the article that indicated Christopher Krebs said there wasn’t anything foreign, and I believe what he is saying. There could have been local things that have happened across the country, none of which happened over the Internet as far as I can tell. Another article dealing with the firing is entitled Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation for your perusal.

Bug bounty

  • Steve Gibson has always said that one particular Project Zero member has found the ideas for his bug bounties by taking a shower, and now it’s a woman’s turn to do the same. Facebook Messenger Bug Allows Spying on Android Users is the article and Natalie Silvanovich, the researcher, must be given props for finding this and Facebook fixing this in over a month. She got $60k in bounty from this work.

Breaches

  • I can’t believe we have to go through this again. In the breach department, not only do we have a misconfiguration of an AWS cloud bucket, but even though one was made private, the large amount of data made available through the CDN is absolutely astronomical compared to the people that use said application. I’m glad the app is successful, but the app’s web site is not saying anything when contacted. From Threatpost: Good Heavens! 10M Impacted in Pray.com Data Exposure should be read, and this can’t be good. This is the worst I think that can happen to us as a nation, and we don’t know who these people are. Luckily, it was researchers that found it as far as we know, but what if it wasn’t originally?

Catch up:

  • OK, so Michael in Tennessee is along with comments on several different things including the aforementioned Google ordeal.
  • I touch more on the email I got (blog post) when Preston called in as part of the first segment talking about securing data and how the email said they had data. Don’t worry, I’ll still be blogging stuff throughout the weekend, and we’ll see how things go.

While the show had some technical difficulties, I think you’ll enjoy the program anyway. It’s going to happen, and we have to go along with it. See you on another edition of the program, next week.


Next week, we’re going to talk about something that I think needs to be talked about even though places like Security Now and others may have talked about it. I mention this at the end of this week’s program, you don’t want to miss it. It’s called Shaken and Stir, and it’s a very interesting protocol. We’ll take a dive into it next week. Enjoy!


Tech podcast 356: The Braille Transcription course is a failure, a company getting in to trouble, Mac, IOS and more

Welcome to another edition of the technology podcast. The RSS feed has the podcast already, but I’ve been lackluster on getting things up as of late.

Want to take the downloaded 65.17 file instead of subscribing to the podcast? No problem. Here is the 65.17mb link for you to have.

Here are the show notes.


Welcome to the tech podcast. Assignment 19 was a complete fail, and I know that I had a lot of failure but not all was my fault. You can search out this write up on the blog, but I talk about it here. Next, a company may be getting themselves in some trouble. Forget going to a hotel … especially since records go back to 2013 … were you effected is the blog post I wrote, are you affected? Next, JFW 2021 and MAC version 11 are out and I talk about both. Finally, I found some good news in the security field and I even have one more. Finally, a laugh and contact info at the end. Hope that you enjoy the program and I’ll see you all later!


I hope you enjoy the podcast! Thanks so much for listening.


The Security box, podcast 19: Credit Cards, part 1

Hello everyone, it has been a busy couple of days. After the box Wednesday, I felt a little on the tired side and got some shut eye. On Thursday, I had other commitments and returning phone calls, so never got the program up.

On this edition of the program, I talk about credit cards, how they work, and a little bit about the PCI DSS program that vendors, merchants and us as people should know about. Because of time, and the fact my documentation had some trouble getting here, I highlight 12 different steps on what an article I found on a blog talked about. We’ll highlight those this time, but go into more detail this coming podcast. Below, please find the entire show notes which include links to things.


Welcome to podcast 19 of the security box.

This week, let’s talk about credit cards, PCIDSS, and more.

We’re putting the Wikipedia link in for reference. Please do not rely on it alone, as the page talks about a lot of unsourced material. We also posted two of those sources as I liked them, and we’ll use one of them to talk about what PCIDSS is, and what is required. PCIDSS will be discussed as part of the next podcast as we’ll go into more detail as well.

News Notes

Other news

Looks like we’ve finally gotten something that might work. After some time, I am now back on MyTelespace, where they have a call in number for callers who do not have the other technology to use. That number is 720-787-1080 and my box number is 8347 over there. Just another option for people to use. Thanks so much for listening, and make it a great day.


Want a hard copy of the file without going to the RSS to pick it up? No problem! Here is the 173.43mb file for you to directly download. I hope that you enjoy the program as much as I am bringing it together for you.


The Security box, podcast 18: Election stuff in a different light, news, notes and more

The show notes are packed, and the RSS only got a subset of them. It has been a bit busy as of late, but we need to try and catch up with things and get these notes out.

For those of you who need a direct download to podcast 18, I’ve got you covered. Here is the link to the 191.52mb file!

The blog will have two more articles I talk about which I decided not to include in the show notes. Feel free to read anything here in the show notes that interests you, and remember to feel free to submit those comments. Thanks so much for listening!


This week on the Security Box, it’s one week after the election and results may or may not be in, depending on what is happening. Let us recollect on some of the election coverage where security has played a part. We are still having problems with misinformation, misconfigured servers, and more.

The goal is not to talk about the elections per se, but the articles that talk about the problems like misconfigured servers, probes into what we have, and the election voting machines as a whole and how they are secure or not secure. Articles will be used for reference purposes.

  • Iranian hackers probed election-related websites in 10 states, US officials say should really be talked about, because of the fact that we do have misconfigured servers. Why in today’s environment are we still talking about misconfigured servers?

    Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel
    told election security officials on Friday.

    The suspected Iranian hackers have been attempting to exploit known software vulnerabilities in their search for voter data, federal officials said. They
    did not say which states were targeted. An FBI official on the briefing said attackers had probed websites in 10 states.

    “We weren’t able to attribute all of this activity to the same threat actor,” but there was overlap in IP addresses, IP ranges, virtual private network
    exit nodes, and other technical data, Roebuck said.

    There is no evidence that any of the activity has affected voting procedures, and U.S. officials stressed that the integrity of the vote is protected.
    CISA and the FBI used the briefing to encourage state and local officials to harden their IT systems days before Election Day. “We know that activity is
    out there, we know the steps” you can take to address it, said Matt Masterson, a CISA senior adviser.

    With voting underway across the country, U.S. officials have publicly attributed a series of foreign cyber campaigns related to the elections sector. It’s
    a federal effort to be more transparent about foreign threats compared to 2016, and at the same time reassure voters their ballots are being protected.

    The Iranian Mission to the United Nations did not immediately respond to a request for comment on the allegations.

    Why was there no comment by the government?

  • Here is some more government news was posted at a time I had several other articles I had read that I lumped into one blog post. We should not be surprised when China is a safe haven for cybercriminals, seeing they were the first to build a firewall and have an Internet that is completely different. Then, in the same post, I link to the article about the Florida debacle I mentioned in a prior podcast. There are others, but they don’t qualify for this discussion.
  • Robocalls urging voters to skip Election Day are subject of FBI investigation, DHS official says comes from Cyberscoop. A very well written article about how robocalls were part of a big problem where if you’re registered to vote, the calls basically said not to even bother. If you did vote, thank you! I know people aren’t registered, and that is a choice. Maybe after all of this is over, I’ll consider registering. I’ve really given it a thought. I would not listen to a call telling me that I shouldn’t go, if I didn’t go and I was registered, that is my own choice.
  • It’s great when you have great partnerships especially if you can get better from the last election. Election security pros focus on effective partnerships comes from Cyberscoop.
  • Courts are busy, and one article entitled Last-minute court rulings on election go against GOP, voting restrictions from Cyberscoop is one of many. I won’t publish them all, but this one is in this list because it was just shy of the election and I thought it would be beneficial on the various types of issues. It’s only a matter of time, but the courts must hear each case in turn and make decisions so the election is fair.
  • Finally, in a lengthy list, After a quiet election night on the cyber front, officials preach vigilance as results come in was posted on the 4th. This will be the last article in this rundown, as I don’t want to publish every single article that comes through, you can definitely find more through Cyberscoop and other sites. I’m definitely happy there were no major problems in the cyber realm, but there have been other problems not within the scope of this program or discussion.

There may be more, so please check the blog in case there are others that pique my interest. Also, check sites around, you might find something too.

Things to ponder

Disclaimer: The following are going to be things to ponder. Some things could be posted as a blog post, others are just thoughts based on one topic or another and may not be linked to anything. The opinions expressed are those of the presenter, and may not necessarily be those of the JRN, its staff, providers of software and services, or the like.

  • I got the best email ever. What was so interesting about it was the domain. Normally, I don’t comment on Spam, but Just saw the best email ever … in my inbox … domain is relatively new is the blog post. You’ll see the domain, as well as my thoughts. I talk about this one.
  • Amazon put a little bit of a scare in me by sending me an OTP when I did not even request one. I did some quick investigating and found I was not compromised, but turned on two factor (2SV) on Saturday, the 7th. I checked my transactions, card history, and other log in activity and didn’t find anything suspicious.
  • On podcast 6 of the Security Box, it was discussed that Michael in Tennessee had a security concern about his apartment WIFI setup. He isn’t wrong, as on September 7th, he called in to TWiT’s The Tech Guy and asked Leo. On this podcast, we’ll play said segment and play Michael’s things to ponder segment as we give an update on the worst security ever. If you want to listen to podcast 6 from August 19, 2020 here’s the link to use (162162.33mb) for your enjoyment. Also read the text from tech guy labs, the tech guy: episode 1743.

News, notes, and more

The news notes section is quite interesting. This blog post from November 9, 2020: What has been read, blogged, and talked about: News ending November 7, 2020 goes into some, but of course the blog has plenty more, and a full rundown of some of the articles are mentioned. The linked post here lists 5 other articles I never blogged about because I got involved in other activities. I really need to just blog and quit keeping them around for long term storage. If you find something you want to talk about, please get in touch, and we’ll be happy to bring you on to any podcast.

We hope you enjoy the program as much as we have putting it together, thanks so much for listening and having a voice in a different type of podcast than others. Enjoy!


The Security Box, podcast 17: catch up, Trend Micro, apps, and more

Welcome to the Security Box, podcast 17. The RSS feed is where you can go to subscribe to receive this and the regular tech show, and this link is the link to use to download the 171.56mb mp3 file. While the RSS has the majority of the show notes, due to space limitations, the books section of the show notes was left out as those notes can only be 4000 characters. There, I link to the blog, and people can find it.

Feel free to comment on any of the topics from within the following program, and enjoy!


Welcome to podcast 17 of the technology series known as the security box.

Catch up

  • Michael in Tennessee makes an appearance as he was not able to make it last week. We talk about encryption, the lack thereof from the government, and companies in general in the security landscape. We are not pointing our fingers at any one company, but mainly an open discussion.

Topics:

  • A subset of apps were targeted in an article that indicates that 76 percent of them have at least one vulnerability or bug. The goal is not to write perfect software, but software that can be fixed within a reasonable time frame. Different types of terms are used within this article, none of which I’m too familiar with, but the article I found quite interesting. It came from the folks at Help Net Security. 76% of applications have at least one security flaw is the article, let us discuss.
  • Trend Micro has a program for free called House Call which is accessible. This was actually talked about this past Thursday with Andy and Josh. In the article Trend Micro HouseCall for Home Networks Trend Micro talks about what they’ve done with the program and how it can benefit you.
  • URL tracking systems like AdWords and AdSense by Google can be abused just like the URL shorteners before it. How URL Tracking Systems are Abused for Phishing comes from Phishlabs, and it’s well worth the read. This should probably be talked about, because sites use these services including blindness related sites. Do you think it is time to move away from the services in the name of security?

News Notes and more

There may be more news that I didn’t cover here or on the podcast of the box, let me know what you want covered.

Books as part of segment 1

There are two different books that are available on BARD, one in audio form, one in braille digital form. It may be available elsewhere, but we want you to have these available if you want, talking about privacy in various ways. While I was told to read 1984, the title itself didn’t strike me as exciting as the book Privacy and Technology in the Digital Age. We’ll find full descriptions of both books, and remember to check the blog under NCSAM for other titles I’ve read.


The following books come from The National Library Service as part of the Library of Congress. The books may also be available elsewhere, and you need to search them out.

  • 1984: a novel DB73474
    Orwell, George; Pynchon, Thomas; Fromm, Erich. Reading time: 13 hours, 56 minutes.
    Read by Andy Pyle. A production of the National Library Service for the Blind and Physically Handicapped, Library of Congress.
    Literature
    Satire about an alternate London under a totalitarian regime overseen by the omnipresent Big Brother. Winston Smith, a Ministry of Truth bureaucrat, attempts
    an intellectual rebellion against the Party while he pursues an illicit romance. His actions lead to his imprisonment, torture, and reeducation by the
    Thought Police. 1949.
  • The digital person :: technology and privacy in the information age BR16095
    Solove, Daniel J. 3 volumes. A production of the National Library Service for the Blind and Physically Handicapped, Library of Congress.
    Science and Technology
    Computers
    Legal Issues
    Law professor examines the proliferation of databases that store information on individuals’ activities, interests, and preferences assembled through computers
    and the Internet. Examines privacy and legal concerns including identity theft, the debate over public records, and the use of government access to profile
    people for criminal or terrorist activity. 2004.

Thanks for listening, and enjoy the program!


The Security box, podcast 16: lots of items including catchup, the government and more

Hello folks,

After the show on Wednesday, I got involved with a potential new client, and yesterday I set up a new client along the network. Be that as it may, I want to try and get some stuff out, which include the notations and download link for this show, and other stuff that I’ve been reading.

Be advised that I’ll be also working on the next podcast, even I’ve got some ideas on the next full tech program, so we’ll have more coming soon.

Now, here are the show notes for this past Wednesday’s show. The show is already on the RSS feed for those who want to have it. Those who get it via dropbox already have it.


Welcome to broadcast 16 of the Security Box.

Time to catch up:

Jennifer, the staple it seems to this program, comes in with 8 different commentary pieces we’ll step through in regards to last week’s significant program on privacy, personal information online and the like. We’ll see how this segment goes when it comes to whether there needs to be anything else said, or whether it’ll speak for itself.

Topics:

  • What do you think when it comes to your web host and what they offer? Some web hosts are Windows based, some are Linux based, some may have both, and some … well … may just not care what they host no matter what the platform. In an article entitled Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor which comes from Phish Labs, we’ll talk about a company that seems to be under multiple names, yet serves up all kinds of things that most web hosts would not tolerate. The group behind Planetary Reef leases IP space from a large reseller. I’m considered a reseller, selling space given to me, but a large reseller may be under a company that they buy their space from each month and they sell it to others. Let’s talk about this as there is a history behind the web space market throughout the years.
  • In a related topic I covered and didn’t originally cover under the rundown, we talk about this Krebs on Security article QAnon/8Chan Sites Briefly Knocked Offline and tie this and the first article together.
  • Has the Department of Justice not learned anything about why we need security today? I guess they really haven’t because a Cyberscoop article entitled DOJ efforts to weaken encryption place national security at risk, congressman says was written by Shannon Vavra and it is quite well written.

    Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data:
    This is a power grab.

    The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects
    who use encryption to hide illegal behavior. For Khanna, a California Democrat, the tradeoff is too dangerous

    Most in government do not understand this, and it’s time that someone really hit the hammer home with this nonsense and let’s put it to bed once and for all.

News, notes, and more

For a complete news notes overview, watch this space on the blog. I may have posted more than what is covered here, and what I do cover is only a few items from the subset of things I thought would be of interest. We’re not going to link to everything, but maybe something else caught your attention that I did not cover. Let us see what you think of the news covered in the program, and of course, the comment boards await you.

Things to ponder

I honestly didn’t see this coming. Now, … for a random breach … a psychotherapy center is something I bring up in news notes, but yet it is a serious thing. In things to ponder, I’ll give my thoughts on this one. It’s beyond repair.


Want to get the file and don’t want to mess with the RSS feed? No Problem! Download the 171.38mb file by selecting this link. I hope you enjoy the program as much as I have bringing it together for you, and we’ll have another edition very soon.


The Security box, podcast 15: Its time to check your privacy at the door

Today’s episode of the Security Box which should be on the RSS feed covers all types of privacy. Armando is on, we have two people named Michael, and it’s well worth the conversation. The program lasts 4 hours.


Welcome to the Security box, podcast 15. It was mainly an open forum of privacy talk today.

  • Armando, a broadcaster here on the mix, was on talking about his experience with Covid and other privacy concerns he had in regards to that. We also got into a Twitter discussion with names we’ve seen. No exact names are mentioned here but we do talk about this. The Melting Pot, October 9, 2020 and Armando’s Testimony can be listened to. These files will eventually expire, so get them while you can. Within the Internet Radio program, go in 86 minutes to hear the discussion.
  • In hour 2, I start and it continues into hours 3-4 where we talk about privacy, the Internet, finding information, and other aspects of the discussion as Michael in Tennessee and Indiana both join me for hours 3-4 as part of this discussion.

This week’s show lasts about 4 hours, and I hope you enjoy!


If you want a downloadable copy of the program, download the 216.93mb file right here.

Thanks so much for listening to the program, and feel free to contribute! Again, the program is almost 4 hours in length.


Tech podcast 354 for October 19, 2020

It’s been a while since the blog has been touched, and it is time for a podcast for the main tech podcast. As with the Security Box, we’re also going to supply sendspace links for easy downloads. The RSS feed has the program as usual but due to the way browsers made RSS work now, it’s beyond impossible to get it.

For a change, this particular podcast does not cover the Security Landscape at all. While I’ve been recovering fighting something, I still have news notes and more for last week to post as well. It’s going to work out though.

Here are the show notes for podcast 354 for everyone to munch on.


Welcome to podcast 354 of the technology podcast series. The segments on this podcast are mid-length, but quite interesting I think for a change in pace for this particular podcast. Let’s tell you what we’re going to cover.

  • Time to get your M-braille On is the blog post for written communication, but why gripe when this happens to many pieces of software besides M-Braille? It got fixed, and it now works again. All operating systems have their fallbacks when upgrading, and I talk about this.
  • Shaun Everiss and I talk about Yahoo. Shaun sent me an email which prompted me to create this blog post and segment 2 is all his. Segment 4 is mine.
  • It’s always nice to have a discount, but why do we, the disabled, need a discount? Yes I get it, our software is quite expensive, especially if you use Jaws or the discontinued Window-Eyes. Other pieces of software which include Duxbury and even Braille2000 are expensive. There are discounts for specific cases, but why phones? This blog post: A petition on lowering the cost of an iphone for the disabled? Let’s discuss talks about This Apple Vis forum post: A petition asking Apple to consider discounts for people with disabilities. which has quite a number of negative comments. I see what was tried with this post, but there are already discounts for phones through the carriers and even through Apple itself through care. I’m linking to my blog post and Applevis in this show notes so you can choose which one you want to read.

I hope you enjoy the program as much as I have putting it together, and I’ll see you all on another edition of the program next time.


Want to download the 71.28mb file which lasts 77 minutes in length? Here’s the 77mb file for you and remember to get in contact with us! We’ll be waiting for you.


The Security box, podcast 14: an update on an interesting story, passwords, and an interesting security topic on privacy and disclosing things

Disclosure of personal information can take many forms. In the undocumented segment of the podcast as I decided not to really write too much, we talk about something that really should make you think. I did put it in the show notes in a different way under topics. Besides that, we’ve got an update on an ongoing saga, passwords or passwordless? Plus you tell me what you have read in the landscape you’d like discussed.


Show notes


The Security Box, podcast 14 must continue with the ongoing saga of John Bernard. We’ve got an article on that. What do you guys think of a passwordless future? Lastpass talks about it. News, notes, comments, and more.

Topics:

  • What do you think of John Bernard? Apparently, the suspect that has been identified as this person walked away with 30 million dollars, and it doesn’t stop there. The end of the article claims from one company that they hope that he comes through with his promise. Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M is the article. Could this be the end?
  • Passwords have long been one of the leading drivers of security risks and employee frustrations for businesses, which has only increased since organizations
    transitioned to working remote. Passwordless authentication, on the other hand, securely connects employees to their work without the need to type a password
    through technologies such as biometric authentication, single sign-on and federated identity. Is passwordless authentication the solution to the password
    problem? 

    This is only the first paragraph of this fascinating article on a passwordless future which will get interesting. The article LastPass Research Finds 92% of Businesses Believe Passwordless Authentication Is in Their Organization’s Future is going to be discussed.

  • What is up with privacy? Conversations that could go awry because of an innocent conversation. Listen to the segment and form your own opinion.

News Notes:

I’ve done some reading but what about you? Submit things either by voice or text and let’s discuss it.

Other things:

Twit had an event held on October 8, 2020. Here is a sendspace link to that download which I’ll have expire in 8 weeks from today. This is the property of twit, I’m supplying it as a courtesy to you. Visit the twit network to learn more about them.


Want to download the file and not want to mess with the RSS feed? Yes, it’s getting harder to open RSS feeds in the browser now, and sadly that’s too bad. Starting with this blog post, we’re going to supply a link you can use to download the program. Download the 138.51mb file and I hope you enjoy the 2 and a half hour program! Thanks so much for listening and participating in this program.


The Security box is now on sendspace

For those who did not have a chance to listen to any of the Security box shows, here are sendspace links to the first 13 episodes.

Starting with Episode 14, after the notations, we will have a link to download directly. Thanks so much for checking out the program, and I hope that this is of value!

For this list, the podcast number and the file size are all that’s given. Again, podcast 14 will include its show notes, and a single line for downloading the file. I hope that this is a valuable addition, and we’ll do the same for the technology podcast starting with podcast 354 which we are starting to put together. Thanks so much for reading, participating, and having a voice in how the podcasts are done.


The Security Box, podcast 13: Talking About Identity stuff of all kinds

The show notes are very very short, and the RSS feed is getting the podcast as we speak.

Here are the show notes, and I hope you enjoy the program.


Welcome to podcast 13 of the technology blog and podcast series known as the Security Box. On this episode, we are going to cover NCSAM, week 1. The big thing nowadays is your security and identity protection when it comes to your online safety. The first article Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis is discussed in a taped segment. Speaking of identity, Preston from Pennsylvania is going to be on with an interview that I did with him talking about experience, stories, and the like. We’ll also cover some news if time allows. Please make sure that you tune in to the blog web site for all of the news, as NCSAM will be busy and lots of items will be posted. You may want to decide to subscribe so you don’t miss anything. Thanks for listening!


We’re looking in to getting sendspace again, the pro version of it so we can once again provide downloadable links. I had to get rid of it at one time and didn’t really want to do that because people were using it to download stuff. Anyhow, we’ll get it and I’ll supply a full list of downloadable links to the entire set for everyone soon, then include it in future podcast releases as part of the show notations here on the blog. See you all soon.


Technology podcast 353: Identity Theft and the Corona virus, Google, and more

I know I haven’t done a tech podcast in a while, and the RSS feed has the program. The show notes have links to a few blog posts that cover some of the topics, and of course, I plan on doing more blog posts in the future relating to all kinds of stuff that might be of interest.

Below, please find the show notes, and of course, thanks for listening!


Welcome to podcast 353 of the technology podcast.

  • NCSAM is out now, it’s the month of October and it’s definitely going to be an interesting month. Our first segment talks about the fact that identity theft may be more of a problem now than ever. blog post
  • KNFB reader was integrated in to newsline. People were griping about it on Apple Vis, and may have been in social media as well. I looked at the app one day, and I find it quite interesting but still easy to use. They griped because they had to reverify their info, otherwise known as reauthenticate. KNFB Reader lite works well, and I am glad I have choices. blog post
  • Michael in Tennessee taught me about Google and pairing to bluetooth devices. While I told my phone to forget the device, I had to go back in to google and get it re-paired as I tried to demo how I got it to work. Be that as it may, this was kind of cool. Thanks Michael for this!
  • On a prior podcast, we covered SSL and what is happening with threat actors today. I intend to write a blog post with my thoughts, but the Security Box definitely covered this. Podcast 12 of the box covers this in a talk show format, but I figure it should be covered here for those who don’t want the longer program. Tell me what you think.

The full program lasts an hour, so I hope you’ll enjoy it. Thanks for listening! See you on another edition of the program.


The Security Box, podcast 12 for September 30, 2020

Welcome to podcast 12 of the security box. We had quite a few topics this time, and even a podcast segment. Want to participate? Contact info is given throughout the program, so feel free! The notations of the program follow.


Welcome to podcast 12 of the tech podcast series known as the Security Box.

Topics:

  • On podcast 10 of the box, we link to an article about due diligence. It was segment 2 of that podcast. Just recently, it’s time to update this, as now Krebs has an article asking the question: Who is Tech Investor John Bernard? Seems to me that this guy, whoever he is, is not a good guy, and I think I visited the page in the first story just to see what it was about. In no way was I going to utilize the services, but I was mainly curious what the main page had to say. It is funny to see that the site has a general closed message on it, and people still come forward afterward to people like Brian and tell him what has happened to them. This is quite funny, and I think I’ll have this as my first topic. Did you read the article linked to in podcast 10, and if so, what did you think? What do you think now?
  • Apparently, another tech company is hitting the news in regards to a ransomware attack. The company in question put out the same type of info that most companies put out in regards to the breach or lack thereof when it comes to personal information that may have been taken. The problem is that the investigation is still ongoing, and even though the article was updated after initial printing, we can’t say who is telling the truth. Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack is the article, and I think this ought to be quite interesting. Only time will tell.
  • APWG is the Anti-Phishing Working Group. This group does work to try and advise security experts and us on how to be as safe as possible. Now they’re saying that SSL should not be used in determining if a website is secure. We’ve known through Phishlabs articles on the blog that the rate of SSL certificates by actors was on the rise, but now we shouldn’t rely on it. APWG: SSL Certificates No Longer Indication of Safe Browsing comes from the Phishlabs folks, and I think it’s worth the read. We also put it in the news notes rundown, and I am sure it’ll garner conversation.

News Notes:

  • News Notes has quite a few items even though I have had technical problems as of late. The weather isn’t helping with health concerns as well, so it may not be large, but it is good nonetheless. If you’re interested in the news I’ve gathered, head on over to this blog post and check out what might interest you. There may be some overlap, but at the same time, you might find something you want discussed that I didn’t read.

Podcast segments

  • Michael in Tennessee is on with us for about 37 minutes talking about one particular article that caught his attention. He and I discuss this particular article, and we even bring up other odds and ends, tying this up with other relevant but possibly off-topic stuff as well. The article we reference comes from Cyber Scoop, and it’s a good one: FBI hopes a more aggressive cyber strategy will disrupt foreign hackers, which was posted to that site on the 21st of September. This article was written by Sean Lyngaas.

Want to download a copy of this and don’t want to go to the RSS feed? Please feel free to use this dropbox link which lasts 1 week. Thanks so much for reading, participating, and/or checking out what we have to offer. See you on another edition of the podcast!


Tech podcast 352 for September 24, 2020

The show notes are sweet and short.


Voice mail systems, are they gone? Covid-19 and the email landscape, a webinar, and iOS 14 and other OS’s and whether apps are updated timely if they are broken. Enjoy this 65 minute podcast!


RSS is here

If you want to have a file sent to you, please let me know. I’ll be happy to send it to you.


The Security box, podcast 10 for September 16, 2020

Hello folks,

Welcome to the security box. On this episode found on the RSS feed, we have a very nice interview with Michael in Indiana I think everyone will be interested in. The program is 3 hrs, 38 minutes but it’s OK to go over.

The news wasn’t covered but that is OK, we can do a double dip of news next time. If you find anything in the news section of the following notes, please let me know what interests you.


Notes follow:


Welcome to podcast 10 of the security box. On this edition of the program, we’re going to leave room for Michael in Indiana to talk to us about phone stuff. We’ll also have some other stuff as well.

Topics

  • Phishing has all kinds of forms, and the Security Box, podcast 5 only covered a little bit. Podcast 345 of the tech podcast series also covered Phishing. Also, we’ve covered Phishing in articles that I’ve read as well. This search page from the blog will bring up everything on phishing that might be of interest to you. Recently, I’ve learned about tricky types of phishing using services out there that can produce documents and forms for free or low cost. Tricky Forms of Phishing | Tricky ‘Forms’ of Phishing is the topic on this first segment of the program today. Did you know there are 13 different sites that can produce documents and forms that could trick users in to divulging information they shouldn’t? The only one out of the 13 I’ve used is Google documents, but I’ll talk about the 13 different ones in turn. Time to learn.
  • Recently, I’ve read an article talking about doing your due diligence. Do you do yours? Looks like a scammer knows how to play it well, and the name seems to be well known. The article Due Diligence That Money Can’t Buy talks about someone by the name of John Bernard. What a fascinating story!
  • Michael in Tennessee came on about a ransomware attack affecting Neuhal. We’ll have more next week on this.
  • Michael in Indiana will be on talking about phone systems, security, and what he has seen in the landscape as an administrator.

News

Due to the time of the interview, news did not get aired this week. I’ll keep this for a show next week, and we’ll reference this next week. If you find anything from the below section you want covered, you’re welcome to have your thoughts heard. Here’s the news from this week we didn’t cover that might be of interest to you.


Thanks so much for checking out the podcast, and make it a great day!


The Security box, podcast 9: Typosquatting and more

Hello folks,

The RSS feed has the podcast. Due to the length of the show notes, it is not going to fit in those notations.

I hope you enjoy the program as much as I have putting it together for you. Next week, we’ll be returning to a Wednesday schedule.


Welcome to the security box, podcast 9. This week, I think we’ll change gears a little bit and talk about the Internet in a different type of light. We’ll also have news, notes, commentary, and I believe the fix to comments left by callers is solved with an app I already give info for. If you can use the dial in number, you may use it, but turns out, not everyone may be able to use it. The days of Voice Mail services may be over. Let’s get started!

Topic:

Have you ever made a mistake while typing a web site address in to your address bar? You have? Well, you’re not alone. While it is human to make mistakes, actors know this now more than ever. When an actor picks up these types of misspelled domains and utilizes them to do lots of things to you, it is called typosquatting. Consequently, in “This Week in Security News” for the week ending September 4, 2020, there is an article talking about typosquatting.

News, notes, and more

Other things:

  • Have you ever thought of your building on the Internet? Podcast 337 had an article I got from Sans News Bites that talked about hackers using things like elevators for DDoS attacks.

    One of the biggest topics I think you’ll want to get your paws on is buildings being connected to the Internet. I’m not kidding! I’ve got a blog post with the article of the same name: Hackers are hijacking smart building access systems to launch DDoS attacks and this is definitely something to think about.

  • From the same podcast, we’ve got the best thing ever. A dumb criminal on how Not! to get caught on crimes. I changed the show notes a little bit and decided to go after the original article.

    Also on the podcast, we’ve got a dumb criminal award for the podcast. If you’re going to commit a crime, you want to try and hide like a lot of America’s Most Wanted’s criminals did. That’s why they were hard to catch, and eventually, a lot of them were caught. Booter Boss Busted By Bacon Pizza Buy is the link to Brian Krebs’s coverage of this.

    Have fun with this one!

Have something you want to contribute? Please feel free to do so by email, imessage, or voice. The choice is yours! The file has all of the contact info on how to get ahold of me throughout the program. Thanks so much for listening, and we’ll see you next week!


Tech podcast 351: Voice mail systems, Jaws, a team up, typosquatting, and more

RSS for those who want it.

Welcome to podcast 351 of the podcast. Some people can’t stand the changes in regards to one telephone system and what they did. Shaun Everiss and I team up and I created a page for it. Jaws had an update and I covered all but two. Here is the blog post on that as well. Finally, Typosquatting is discussed in preparation for the next Security Box. All this, and final thoughts and contact info on this edition of the podcast.


The Security box, podcast 8: show notes reissue

I found there was an error in the notations, which I fixed in my file.

Instead of going ahead and updating the post, I’ll go ahead and make a new one.

RSS is here for you to get your copy of podcasts across the network. Remember to visit blind vms for other podcasts as we team up.


Welcome to podcast 8 of the Security Box. As you’ll see by the notes here, we’re fully packed, the show should be that way. I hope you enjoy it as much as I am bringing it together for each and every one of you.

Commentary:

  • Jennifer had quite a bit to talk about during the reairing of the Security Box from last week. Through Skype, we’ve got several messages due to Skype’s change in the way messages are taken which is news to me. We play and answer any questions asked.

Topics:

  • What do you think when you have your TV? Do you think of it as something to watch, something to possibly play games on and listen to podcasts, and that is all? We know that the Apple TV allows you to watch movies and rent them through iTunes, but what about your set top box? Do you know anything about them? In an article tweeted by Security Week we are learning that several manufacturers are not fixing anything and the vulnerabilities in these set top boxes are bad. I had not envisioned this to be a malware prone set top box, and now, I am glad I don’t have a TV. Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers is the article, and I think we need to at least know about them. Avast was responsible for this research, and I think it is important for people to read this one. It talks about the set top box, and goes in to the research that encompasses it.
  • Shaun Everiss has sent me this article from stuff.co.nz in regards to New Zealand’s issues with its stock exchange. According to the article, New Zealand had its stock exchange attacked by a well-known entity known as Fancy Bear. We know on the tech podcast that Fancy Bear has been targeting people for ransom for many years now, along with other groups like APT28 which may be the same people. Look it up. NZX back online as Government assists in helping it address cyberattacks is the post and it’s something we need to be concerned about although the exchange is now back online. We could be the next target. This can’t be good.
  • I was asked to cover Tik Tok. Cybersecurity expert’s take on TikTok sale is Scott Schober being interviewed about the potential sale. We’ve got an interview which is covered briefly in news notes, and this video was put out on September 1, 2020 just a day before the podcast. I found this quite interesting and you may too.

News Notes:

Lots of different items have gone on this week, so it’ll be hard to cover everything here. There are some things linked through the blog, but I’ll highlight a few items here.

There may be things listed here we covered as a topic, but then again, there may not be.

For a complete article list, check out the tech blog where you might find other things not covered here or in the news notes file played within the podcast.

Podcast segments

Final Thoughts:

Have anything you’d like to say? Want to leave a voice mail message? Call 641-715-3800 and when prompted dial 96-96-709. Follow the prompting to leave a voice mail in the voice mail box. While Skype allows for voice mail, this won’t work anymore due to changes unknown to me, and there aren’t that many options left. I hope you’ll enjoy the program today, and thanks for listening and checking out the notes!


The Security Box, podcast 8 for September 2, 2020

Hello folks, welcome to a packed podcast here on this program. This program has lots of different links to various things that we talk about and what they’re about. If you’re coming here from the RSS, the RSS is too small for these notes because it’s over 4000 characters.



The Security box, podcast 7 for August 26, 2020

Hello everyone, welcome to another security box podcast. This time, it was a little shorter but tried to give some good content. While there was no participation by telephone, it’s OK. I’m sure that people will be wanting to listen to what is said, and we play some tunes too.

The first hour, I cover what I wanted, but since I opened the lines and there was nothing, I went ahead and broke out the Phishing guide and talked about some things that could be relevant to the topics I talked about on this show.

Below, please find the show notes, and I hope you enjoy the show as much as I have. Starting next week, I present a brand new intro for you, I hope you’ll enjoy it.


Welcome to podcast 7 of the Security Box. This week, let’s peruse some topics, I’ll link to some articles, and you can comment as usual. News, Notes, and much more. Thanks for listening!

  • Election officials have been warned about Typosquatting domains and how they can be used to bring trouble to their particular candidate. Typosquatting is a big problem, and in a future podcast, we’ll look in to what this is. In an article entitled Feds warn election officials of potentially malicious ‘typosquatting’ websites you’ll learn what is the danger in the election scheme of things.
  • I think it’s time to really bring out a topic. How many people heard of the dark web? 11.6 billion records have been breached and are on the dark web since 2005 according to this article by Lastpass. Is this something we should be concerned with as a whole, or do you think it isn’t a big deal? This can only get worse, and the box wants to hear what you think of this. Each year, more companies are breached than ever before and it is definitely a problem I think. There is a way you can scan the dark web for any type of data like an Email address, but is this enough? Lastpass has the capability of doing this for you. The article What are dark web scans? goes in to more details on how this is done.

News:

  • Looks like Experian can’t keep their mouth shut. According to a Cyberscoop article, 24 million South Africans are now at risk because someone potentially opened their mouth. They said the employee was tricked in to disclosing information on an unknown number of people, but the number seems to be a whopping 24 million. No hacking needed: Someone duped Experian into handing over data in breach affecting 24 million South Africans is the article and boy if Equifax and Experian haven’t learned anything from their prior U.S. things, when will they ever learn? The U.S. stuff were hacking attempts but still … human intervention is the weakest link in this whole ordeal.
  • This week in Security News from August 21st covers another article on the 24 million from South Africa and even some other stuff that might be of interest. The tech blog will also highlight things from this article that might be of interest.
  • Michael in Tennessee went ahead and gave me a heads up on this one. Turns out that a former CSO was charged in the Uber breach from 2016.

    U.S. prosecutors have charged the former Chief Security Officer at Uber with allegedly covering up a data breach at the ride-hailing company that exposed
    information tied to roughly 57 million people.

    Joe Sullivan was charged Thursday in the U.S. District Court in San Francisco with failing to disclose details of the security incident to the proper authorities. Sullivan, who now works as the chief information security officer at Cloudflare, allegedly committed two felonies by not informing
    investigators about the hack while they probed the circumstances surrounding a prior data breach.

    This is great news, and one which I want to cover in passing. Former Uber CSO criminally charged with covering up 2016 data breach has the full details from Cyberscoop.
