The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

We never posted April, but here is May for patch tuesday

We’re sorry that we never posted April’s patch Tuesday. I’ve still got the article, and maybe I’ll post it later on.

This month, we’ve got some very interesting things that might be of value to you. We even have some zero-day flaws with CVE numbers linked within Brian’s article.

Microsoft Patch Tuesday, May 2023 Edition has all of the details for those who don’t get notified about such things.

Thanks for reading!


Harvard Pilgrim Health Care and Tufts Health Plan ransomwared, notice by Brian Krebs

There is no article here, but Brian Krebs did share something from them that may be of value to you. I’m posting it here for informational purposes; please take the necessary steps.

BrianKrebs: Ruh-roh.

Dear Valued Broker,

On April 17, Point32Health, the parent organization of Harvard Pilgrim Health Care and Tufts Health Plan, identified a cybersecurity ransomware incident that has impacted systems we use to service members, accounts, brokers, and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business.

After detecting the unauthorized party, we proactively took certain systems offline to contain the threat. We have notified law enforcement, are in the process of notifying regulators, and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation. This process will take time.

Importantly, our top priority is continuing to provide access to care for our members. While we work diligently to restore affected systems as quickly and as safely as possible, our team is working around the clock to provide workarounds for members to receive the services they need.

Please rest assured that we take the privacy and security of the data entrusted to us seriously. If during our investigation we determine any individuals’ sensitive information is involved in this incident, we will notify them in accordance with applicable law.

We will continue to keep you informed as we navigate this situation and relevant information becomes available. Thank you for your continued patience and partnership as we work through this difficult situation.

Sincerely,

Harvard Pilgrim Health Care and Tufts Health Plan

No article is mentioned or linked. Databreaches may have had something on this, but I read it and it seemed short.

While my coverage may be short, I’m more of an information-sharing type, pointing to articles with more info. I can write longer when needed.


This little girl’s got it. Social Media is not that important

Well, well. I think this child in this article has this. I saw it last night, and it’s a good article to read.

The thing is, I think Social Media is nice to have, but I’m not on it all the time, and like this child, anyone who I regularly talk to I can text, email, call or the like.

I’m not saying in any way that Social Media is bad. I’ve never utilized it the way some people do.

I don’t share my life like others do. I definitely don’t use it to check in, although I’ve discussed looking at one system and it was a short period of time and very seldom.

With that said, the parent, I believe, is a teacher by trade.

I understand that everyone is also saying that TikTok is a national security risk. But the only real risk I can observe is one where they put a supposed keylogger on the device. When you do that, all bets are off.

As I have written in the past, banning TikTok is not the answer. Getting them to remove the application that is known as the keylogger is the first step.

Of course they’ll claim that they don’t have a keylogger. I’ll say, if they don’t, let someone evaluate the code and tell us whether there is a logger or not once and for all.

The article is an interview style and was edited for length and clarity.

I sent it to the TSB list very early in the morning, early enough for someone like Scott to see it if he happens to spot it.

I do have my name on a number of platforms, but I surely don’t post like tons of others do.

Please feel free to read this interview; I’d be interested in what other people say.

How a computer scientist talks to her daughter about TikTok

Michael writes:

Nadya Bliss and her 12-year-old daughter Coco have been talking about technology for as long as the two can remember. Nadya is a computer scientist who is also the executive director of the Global Security Initiative at Arizona State University. Technology and national security issues take up much of her time. While she loves tech and embraces many of its benefits, she is acutely aware of its darker sides, too. As a parent of a tween, the topic of social media — and especially TikTok — is commonplace in their household and among their friends. While many lawmakers and national security experts in Washington and elsewhere around the country are calling for an outright TikTok ban, those concerns are lost on the many millions of tweens and teens who spend hours on the app every day. Nadya and Coco, who is a sixth grader and among the minority of her peers without TikTok, recently talked about how the app — and the omnipresence of technology in just about every kid’s life today — is changing parenting and childhood. The following conversation between Nadya and Coco has been edited for clarity and length. 

I sent it to TSB’s Nicholas Jackson, who said that this was great. What do others think?


The Phishing has started re: Twitter Blue and verification

The following was a boost. Please be aware of this one.

Celeste, AKA DJ Celrock!: Boosting Dwight Silverman (dsilverman): If you’re a legacy verified user on Twitter, beware: A phishing email is playing on the news that original verified users will lose their blue check marks on April 1. I tapped on the “Read verification policy” button, thinking this may be real, and it took me to a Twitter sign-on page that was not on a Twitter URL. Fortunately, it didn’t attempt to place malware on my iPhone, but it could have.

Be careful out there, and please boost.
#infosec
Image 1: Phishing email playing off news that Twitter is ending its legacy verified program. It reads:

Hello, e« Loss of verified status <> Yesterday at 4:43 AM To:

W Helo Dwight Silverman, @ We updated our verification policy on verified accounts, and you could be affected. Please read the rules and make any necessary changes by March 27, 2023. In accordance 1 the Twitter Terms of Servic Twitter may remove the blu fied badge anc fied status of a Twitter account at any time and fthout notice Help | Not my account | Emall securly tips Tuiter, . 1355 Marke Sreet, Sue 900 San Francisco, GA 94103

I’ll give bonus points if you can name what is wrong here. There are glaring issues here, I think.


Here’s another good email … besides a spelling mistake and an error when visiting, spot anything else?

So we’ve been working on spam issues. If we get it now, they’ve passed validation and other checks.

This one is interesting because I’m pretty positive that it isn’t coming from a registrar.

By default, you build your search engine positioning by putting code in place for keywords, copyright and other things.

While I only spotted one mistake within this message, do you spot anything suspicious about the following mail?

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: jaredrimer.info

Hello Jared Rimer
jaredrimer.info
Response Requested By
18 – Marc. – 2023

PART I: REVIEW NOTICE

Hello Jared Rimer
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it’s time to send in your registration.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine registration includes domain name search engine submission. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: jaredrimer.info will expire at 11:59PM EST, 18 – Marc. – 2023 Act now!

Choose your package:
https://icainews.com/domain/?domain=jaredrimer.info

unsubscribe:
https://icainews.com/domain/unsubscribe.php?domain=jaredrimer.info

Woody Harrelson’s opening monologue during “Saturday Night Live,” where he referenced
the COVID-19 pandemic and collaboration between the medical industry and the government
to push vaccines, has sparked backlash online. And Twitter CEO Elon Musk chimed in on the discussion.

Closing out the segment, Harrelson talks about a film pitch that included one of the
“craziest script” he’s read, which included the “biggest drug cartels” forcing people
to remain in their homes unless they agreed to take and keep taking their drugs.

“So the movie goes like this,” the actor explained. “The biggest drug cartels in the
world get together and buy up all the media and all the politicians and force all the
people in the world to stay locked in their homes. And people can only come out
if they take the cartel’s drugs and keep taking them over and over.”

Harrelson then joked: “I threw the script away. I mean, who was going to believe that
crazy idea? Being forced to do drugs? I do that voluntarily all day.”

‘UNCLE’ WOODY HARRELSON PHOTOBOMBS MATTHEW MCCONAUGHEY’S DAUGHTER AT BIRTHDAY PARTY

“Saturday Night Live” host Woody Harrelson during promos in Studio 8H on Feb. 21, 2023.

The comments were widely covered by media outlets, who called them “anti-vax” or “vax conspiracies.”

Several people on social media continued the conversation — with many people agreeing with the actor — then Musk chimed in.

“So based. Nice work,” Musk responded.

MATTHEW MCCONAUGHEY SHARES THROWBACK PICTURE WITH WOODY HARRELSON: ‘AN ORIGINAL WILD MAN’

In another tweet, Musk suggested the comments were spot on and reflective of life in the U.S. over the last few years.

When one Twitter user warned for people to “get ready for the meltdowns,” Musk said: “Maybe they [media outlets] don’t realize that their propaganda is wrong?”

Also on Saturday, Musk shared a Babylon Bee article about 26% of Americans that “still trust the media.”

ELON MUSK: ‘I RECOMMEND VOTING FOR A REPUBLICAN CONGRESS’

Harrelsons’ opening monologue included remarks about political division and he described himself as a “redneck hippie.”

“You know, the red in me thinks you should be allowed to own guns,” he said. “The blue in me thinks – squirt guns. So, I’m red and blue which makes purple. I’m purple.”

WHY ‘SNL’ COULD BE ENDING, ACCORDING TO KENAN THOMPSON AMID DWINDLING VIEWS AND SLASHED 2022 CAST

He also made a mention to smoking weed and made a joke about why he prefers it to drinking alcohol.

Actor Woody Harrelson attends the game between the Los Angeles Clippers and the Atlanta Hawks at State Farm Arena on Jan. 28, 2023, in Atlanta.

“The reason I like herb more than alcohol is because it makes me feel good, no hangovers and I never wake up covered in blood,” he said.

Harrelson’s appearance was his fifth time hosting “SNL,” which, like many companies across the country,
observe stringent COVID-related health safety protocols at a time when governments were enacting lockdowns.

Musical guest Jack White, left, Woody Harrelson and Chloe Fineman in Studio 8H on Feb. 23, 2023.
(Rosalind O’Connor/NBC via Getty Images)

Later in the show, Scarlett Johansson gave Harrelson a five-timers club jacket.

CLICK HERE TO GET THE FOX NEWS APP

His last appearance on the NBC comedy show was on Thanksgiving 2019, before COVID lockdowns were in place.

Fox News’ Andrew Mark Miller contributed to this report.

Send me a note at tech at menvi.org and let me know what you spot interesting in this email. I did copy the URL and paste it into a private browser and got an error, so that’s the first thing. Anything else besides that error message and a possible spelling error I’m leaving in? Today is the last day and I got this within the last two days.


Make Use of has 6 URL shorteners they recommend, would I recommend them?

Several of the services on this list have been used in Spam campaigns. Bitly is one, as well as cutt.ly.

All URL shorteners say that using it for Spam is not allowed, but I still see bitly links in my contact forms.

I like the ones where I can report the bad links, and one that did this which I wrote about was cutt.us if my memory serves.

I believe a lot of these URL shorteners are located outside the United States, but I do not know this to be factual.

A Screenshot of the Bitly URL Shortener Landing Page

Bit.LY or bitly.com is at the top of the list. They’re more popular and as I said above, this one as well as several others not on this list have been used in spam campaigns.

I’d love to take a look at bl.inc, but this one is a fully paid site. So far, I’ve not seen any URLs from them, so make sure you read up on this one if you want to pay for it.

A Screenshot of the Cutt ly URL Shortener Landing Page

cutt.ly has been used for spam and malware delivery. Any URL shortener that doesn’t let users report spam should not be used. I believe this one does, so if I were one to use them on a regular basis, I’d use this one. This is personal opinion though.

A Screenshot of the TinyURL URL Shortener Landing Page

TinyURL has been around just as long as Bitly. I haven’t seen it used much, but it’s been known to show up in spam campaigns. Last I looked at it, it did not have any way to report URLs that are bad.

A Screenshot of the Short io URL Shortener Landing Page

short.io I’ve never heard of. The write up on it sounds good though, but again, I’d be looking to see if there is a way to report abuse. Actors are known to use shorteners, especially popular ones.

A Screenshot of the Rebrandly URL Shortener Landing Page

Finally, ReBrandly is the last item. Never heard of these guys, but this one looks interesting too.

In conclusion, if you use these, use them responsibly. Make sure that you use it legitimately, and if you receive links, you run them through an expander like expand URL.

Sites like Virus Total can unpack a shortened link too as part of their offering and I’ve seen multiple redirects using some of these services. Just be careful if you’re going to use such a service.
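As an added example of the expander step recommended above (my code, not the MakeUseOf article’s or any shortener’s), this follows a shortened link one hop at a time with HEAD requests, never downloading the page body, and reports the whole chain, the hosts it crossed, and why it stopped (final page, redirect loop, or hop limit). The links in DEMO_CHAIN are constructed for the offline run; fetch_hop is the live version.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoFollow(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError on a 3xx instead of following it silently."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_hop(url: str, timeout: float = 10.0):
    """One HEAD request: returns (status, Location-or-None) for exactly this URL."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "link-expander-example/0.1"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:      # 3xx and 4xx/5xx both land here
        return err.code, err.headers.get("Location")


def expand(url: str, fetch=fetch_hop, max_hops: int = 10) -> dict:
    """Walk the redirect chain hop by hop; stop at a non-redirect, a loop, or max_hops."""
    chain, seen, status = [url], {url}, None
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            stopped = "end"
            break
        nxt = urljoin(chain[-1], location)      # Location may be relative to the current URL
        if nxt in seen:
            stopped = "loop"
            break
        seen.add(nxt)
        chain.append(nxt)
    else:
        stopped = "max_hops"
    hosts = []
    for hop in chain:                           # distinct hostnames, in order of appearance
        host = urlsplit(hop).hostname or ""
        if host not in hosts:
            hosts.append(host)
    return {"final": chain[-1], "status": status, "hops": chain, "hosts": hosts, "stopped": stopped}


# Constructed offline stand-in for fetch_hop: a shortener-to-shortener chain with a relative
# Location header, a placeholder landing page, and a two-link loop. None of these links are real.
DEMO_CHAIN = {
    "https://bit.ly/CONSTRUCTED1": (301, "https://cutt.ly/CONSTRUCTED2"),
    "https://cutt.ly/CONSTRUCTED2": (302, "/go/landing"),
    "https://cutt.ly/go/landing": (307, "https://landing.example/offer"),
    "https://landing.example/offer": (200, None),
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}


def demo_fetch(url: str):
    return DEMO_CHAIN.get(url, (404, None))


if __name__ == "__main__":
    for start in ("https://bit.ly/CONSTRUCTED1", "https://loop.example/a"):
        print(expand(start, fetch=demo_fetch))
```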

If you’re using your own web hosting, I’d use my own web site to redirect people. For example, the RSS feed for the tech podcasts is being redirected through my web site over to Anchor.

The URL is technology.jaredrimer.net/audio which I had used for my podcast before I decided to sign up for Anchor.

One of our other sites, the Blind VMS team up, has a URL directly to the blog post about it.

Stieve uses one of these shorteners but with his own domain that he bought. It makes sense, and he described how he got his to work. I could find great uses for it, but you need to make sure to use something that will meet your needs.

Stay safe out there! Great article by these guys.


Here’s some very interesting news on Twitter

I’m going through Mastodon and I see the following post that might raise some eyebrows, literally.

Devin Prater: Boosting Eodyne (Izzod): So I want to stress that I CANNOT INDEPENDENTLY confirm this but I trust my source:
There is apparently an ongoing issue at Twitter that boils down to:
Musk fired everyone with access to the private key to their internal root CA, and they can no longer run puppet because the puppet master’s CA cert expired and they can’t get a new one because no one has access. They no longer can mint certs.
My limited understanding in this area is that this is…very bad
#Twitter #infosec

If this is true, then we’ve really got problems there, seeing how Elon claims nobody is “working” but just hanging around.

He apologized and invited someone back now, but there is a deadline in regards to questions raised by Massachusetts, and we’ve heard nothing yet.

I wonder what this might mean? It definitely doesn’t sound good to me.


We have more info on Lastpass … news is worse

Hello folks,

Kim Komando sent out a breaking news about Lastpass’s recent breach.

I believe Security Now also has this, but I sent them the article from Kim in case.

Here is Steve’s tweet.

Steve Gibson: “The NSA @ Home”
Security Now! #912 show notes:
https://bit.ly/3EOcEML
A Windows Update goof, Pasting plaintext, Edge’s built-in VPN, LastPass’s breach update, Signal reacts to UK anti-privacy, A large PyPI attack, QNAP’s news, a BAD BIOS bug, and The NSA’s advice to home users.

These are show notes for SN 912.

Kim’s article is titled LastPass hacked again – Is it time to say goodbye?

I might just have to consider this. They link to Lastpass, but I couldn’t find anything definitive at the moment.

We can’t blame Lastpass as a company, but the problem is, they’ve never been forthright. The fact we’re now learning that an employee was phished doesn’t make it any better. To top it off, they installed a keylogger.

Keystroke logging from Wikipedia

This means they can get the employee’s master password, and then it’s game over. Question: did the employee use two-factor as part of his access as an employee? From what I’ve read, it doesn’t seem like he did, but I don’t want to come out and say that it is true without some article indicating this.

Sans News Bites for today, February 28th also has notes on this. I have not read Sans yet. Sans also has stuff that has been sent to TSB’s email list that I have not read yet either. More from Sans later.

We better pay attention to this; I don’t think it’s over yet.

Thanks for reading, make it a great day!


Seeing some disturbing news about Wildebeest

There must be a new app, and there are a bunch of boosts about a serious issue with it. Note, the JRN knows nothing more than what we’re about to show you.

Wildebeest Devin Prater: Boosting Chris Trottier (atomicpoet): Obviously, private messages on Mastodon are not exactly private.

But for Wildebeest to not even honour visibility preferences?

That’s pretty terrible.

Devin Prater: Boosting a hivemind of packbats (packbat): the thing where Cloudflare’s new fedi software Wildebeest /completely ignores/ privacy and just shows people’s DMs in the public timelines … gosh, like, this really highlights how much trustworthiness we expect of servers hosting social media

because this is intolerable

they should never have let this fly

anyone thinking about trying a Wildebeest instance should be running for the hills immediately

– ?

(context: https://github.com/cloudflare/wildebeest/issues/303 )

Please copy the link and go to github directly.

Devin Prater: Boosting tiddy roosevelt (they/them) (doot): And if we take a peek over at Wildebeest…
Image 1: github issue. private messages are included on local timeline in wildebeest

If this is all true, given how posts and direct messages are set to work here on Mastodon, we’ve got a problem, and a big one.

Some of us are new to Mastodon and are still learning the ropes and the different terminology, but this should speak for itself.

For this client’s sake, I hope that they are looking at this and will fix it to work like other apps do in this space.


New TLD’s in spam

So I did a cleanout of my over 2k of email on jaredrimer.net and am trying to just keep up with it.

So going through the majority of spam messages revealed two new TLDs that I spotted: .home or .homes and .cyou.

Never heard of these domains, but the emails were spammy just the same and I didn’t investigate them. One of them was a supposed American Airlines survey deal with the .home domain and the other was probably your typical spam. I forget now.

Whether it was .home or .homes, we’re really seeing an influx of domains and lots of them for bad. This can’t necessarily be bad if you know that most of it you don’t want.

Interesting times.


Besides Mac getting updates, iOS and other products are also updated

I first spotted this AppleInsider post titled macOS Ventura 13.2.1 is here with bug fixes and improvements but didn’t see anything from AppleVis till now.

Their blog is titled Apple Releases Software Updates for iOS, iPadOS, macOS, watchOS, and HomePod and both can be read to see if something interests you.

While AppleVis indicates that there are mainly security fixes, it talked about this Mac release first being released on January 27th.

Feel free to read both articles and make the decision that is best for you.

Thanks for reading!


Saw the best wannabe scam possible on Saturday and this one is good!

So, as we get used to Mastodon, I saw a retweet of the following. I was also doing my show and started busting up laughing with this one.

Note, the spelling mistakes that might be seen are here and are not edited. It’s to be left that way.

Jonathan Mosen: Just got an email from Netfilx, yes, Netfilx, telling me I must update my payment details or my Netfilx will be cut off. Please please don’t! Whatever will I do if you cut off my Netfilx? You can take all the soup in the pantry, you can eat all the tomatoes in the fridge, but please, please not the Netfilx!
Or here’s an idea, maybe learn to use a spell checker so your scams are at least a tiny bit convincing.
Well, can’t waste time with this Masterdon, need to go back to watching the Queer on Netfilx.

While I’ve not talked to Jonathan in years, he’s a respected blind podcaster and clearly understands what’s going on here. This just had to be the best thing I’ve seen from this community, and one worth sharing.

This was a great post, Jonathan, and thanks for sharing it with the world. I’ve passed it along to my TSB list and even favorited and bookmarked it, as it’s so good.

Have a great laugh!


A piece of Spam that references a book … be careful out there!

I’ve been getting spam with various subject lines lately. What interested me about it was that it mentions a book that I decided to look up.

The book is titled Home Doctor – Practical Medicine for Every Household and it is by Claude Davis, Maybell Nives and Rodrigo Alterio.

What interested me about this was the fact that the book’s link in the spam leads to a domain like http://www.survivecomment.shop just to name one. The thing is, as you’ll see below, the page if you clicked on it and the book’s description are closely matched, and I don’t know if the link that leads to the book is to Amazon or another book seller.

about the book

Inside this massive 304-pages physical book you will discover the DIY medical procedures and vital medical supplies you need to have on hand to take care of common health problems and emergencies at home, while waiting for an ambulance to arrive or in the next crisis when doctors and medicines may be hard to come by.

Dr. Maybell, one of the authors, is known for developing new, ingenious methods of treating her patients after Venezuela’s economy collapsed and hospitals and pharmacies ran out of medicines, supplies, electricity and even running water.

The methods Maybell and other doctors in Venezuela invented and pioneered are now being studied and applied in conflict zones all over the world. Many of these inexpensive procedures do not require any medical assistance as they are specifically designed to be self-applied, so they should also help anyone cut down on medical costs while things are still OK.

But they become most valuable when the medical system cannot be depended on, like during long term blackouts, economic collapses, riots, hurricanes and other disasters. As you’ll discover these methods inside The Home Doctor you’ll probably start to realize why every household and family should keep them close-by.

No, I’m not going to link the link above, and this is only one link I’ve seen that promotes this book.

The JRN has not read this book and has no idea if this is accurate information. We’re not promoting it either, just talking about the spam that we have gotten that mentions the book.

Going to the main domain as shown above goes to a blank page by the looks of this.

The link, which was longer than I show you, leads to a page asking if you’re human. It goes to a site called homedoctorbook.com/book (not linked) and describes the book. Then it doesn’t go to a source like Amazon as the links are numbered like 394000 for example, and it seems like it is an order page for the book which includes a toll-free number.

This is after you select yes on the page that you first see. I looked at the link to the 394,000 and I went there in a private window and it was an interesting page as discussed above.

I would suggest that you search the title and buy it from a reputable source. I’m linking to Amazon for convenience, but there are other sources out there.

As I said above, I’m not recommending this book, I do not know if it is accurate and I’m not a doctor. But I vowed to show people that Spam about this book is going out there. I believe when I first looked this up, it was a 2022 book release.

I feel sorry for Venezuela. I also did a news search to see if what the spam was talking about was true and it unfortunately is.

As sad as this is, I want people to know about this, and I want people to stay as safe as possible. If you see things like this, please understand that you should probably not click. While the sites are harmless here and tools will show you this, I’d copy the book name and find a source of value.

Stay safe! Stay aware! Learn. Thanks for reading!


What has been posted to EMHS, week of January 27, 2023

I’m cutting off this week’s updates at 11:30 am on January 23rd. This is what will be posted when EMHS gets updated on the 25th.

Please visit Email Host Security for more.

Blog Posts

We do have a few blog posts, see if something catches your eye or ear.

I may have given you a few more than we needed, but it has been a quiet week in posting to the site.

We’ll be continuing to blog and have continued to blog other stuff of newsy interest, not necessarily for the site though.


Terms

I have added one term to the list. It came about when describing Lastpass’s continuing problems. The term is PBKDF2 and it is listed in the alphabetic list. PBKDF2 will be covered in a future podcast in March.


Companies and services

We’ve got no new companies and services, but we did post to the blog a very interesting recent article from the Malwarebytes blog. It should probably be no surprise to many on the topic it covers.


Podcasts

Our podcasts section got podcast 127 as it usually does, the same day it normally gets released to the public. The blog normally gets it the next day, but we got it up there the same day too.

Books

I’ll be sending Nick a list of authors to look up their books. If any of them match what we’re trying to do for EMHS, we’ll add it to this list. Since we don’t have any new books, make sure you check out the list, as it covers things we’ve been talking about for quite a while.


In Conclusion, we’re trying to provide this as a resource. Please feel free to support the project by sending resources of interest you wish us to look at. Thanks so much for reading and participating! Without you, we can’t do this alone.


A possible fraudster posing as amazon on the loose

Hello folks,

Today, I got yet another call and email from someone claiming to be an account manager at Amazon. The phone number is a 204 number: +1 204-515-6163, which belongs to Canada.

Here are the headers of the message I got.


Return-Path:
prvs=3706eb91e=znaahmed@amazon.com
Delivered-To:

Received: from cp1-daltx.nocwest.net
    by cp1-daltx.nocwest.net with LMTP
    id YHX3IyLMwWM/GAAAcL4iug
    (envelope-from
prvs=3706eb91e=znaahmed@amazon.com)

    for
jared@personal.jaredrimer.net
; Fri, 13 Jan 2023 16:24:50 -0500
Return-path:
prvs=3706eb91e=znaahmed@amazon.com
Envelope-to:

Delivery-date: Fri, 13 Jan 2023 16:24:50 -0500
Received: from smtp-fw-33001.amazon.com ([207.171.190.10]:21944)
    by cp1-daltx.nocwest.net with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from
prvs=3706eb91e=znaahmed@amazon.com)

    id 1pGRXg-0001fp-1j
    for

;
    Fri, 13 Jan 2023 16:24:50 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com;
i=@amazon.com
; q=dns/txt; s=amazon201209;
  t=1673645089; x=1705181089;
  h=from:to:subject:date:message-id:mime-version;
  bh=1i0fnNhg8UFsIxYrYxKnZvkvXGSalzmivrtSmAol8CA=;
  b=ajG1BxJsdvYKlp0arQZbIrwRqBTDwJW2HR1jPA8axoqJKiZKrdbZxFe9
   SSf9i7fadCXpwFIyy6dKtYRVOHFzF7V7dnYM3k5tSdQAf6F+LkO7kteuz
   CbGPCs0nJUAzWKIDmAJhdgnF/Y/74czdwDca+RjvtKU1vljf1a6NY4zaq
   U=;
X-Amazon-filename: image001.png
X-IronPort-AV: E=Sophos;i=”5.97,214,1669075200″;
   d=”png’150?scan’150,208,217,150″;a=”255036661″
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-b404fda3.us-east-1.amazon.com) ([10.43.8.6])
  by smtp-border-fw-33001.sea14.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jan 2023 21:24:02 +0000
Received: from EX13MTAUWB001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38])
    by email-inbound-relay-iad-1d-m6i4x-b404fda3.us-east-1.amazon.com (Postfix) with ESMTPS id F20FD83140
    for
jared@personal.jaredrimer.net
; Fri, 13 Jan 2023 21:24:01 +0000 (UTC)
Received: from EX19D001UWA004.ant.amazon.com (10.13.138.251) by
 EX13MTAUWB001.ant.amazon.com (10.43.161.207) with Microsoft SMTP Server (TLS)
 id 15.0.1497.45; Fri, 13 Jan 2023 21:24:01 +0000
Received: from EX19D001UWA004.ant.amazon.com (10.13.138.251) by
 EX19D001UWA004.ant.amazon.com (10.13.138.251) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.7;
 Fri, 13 Jan 2023 21:24:01 +0000
Received: from EX19D001UWA004.ant.amazon.com ([fe80::2a53:56d5:307c:7d5]) by
 EX19D001UWA004.ant.amazon.com ([fe80::2a53:56d5:307c:7d5%5]) with mapi id
 15.02.1118.020; Fri, 13 Jan 2023 21:24:01 +0000
From: “Nasser, Ahmed [C]”
znaahmed@amazon.com
To:

jared@personal.jaredrimer.net
Subject: Amazon Business
Thread-Topic: Amazon Business
Thread-Index: AdknlVrsCU59DjAszkO0V7StRi4lpA==
Date: Fri, 13 Jan 2023 21:24:01 +0000
Message-ID:
<>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.197.94.146]
Content-Type: multipart/related;
    boundary=”004_222324030813470790d1510920740662amazoncom“;
    type=”multipart/alternative”
MIME-Version: 1.0
Precedence: Bulk
X-Spam-Status: No, score=-9.6
X-Spam-Score: -95
X-Spam-Bar: ———
X-Ham-Report: Spam detection software, running on the system “cp1-daltx.nocwest.net”,
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Hello , My name is Ahmed , account manager from Amazon Business.
    I am contacting you today because you are currently using a Consumer account
    which only allows you to purchase at retail prices.
 Content analysis details:   (-9.6 points, 5.0 required)
  pts rule name              description
 —- ———————- ————————————————–
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                             [URIs: amazon.fr]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF
                             welcome-list
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender
X-Spam-Flag: NO


According to the Abuse IP database, the IP 207.171.190.10 does belong to Amazon and is being used as a transit IP.

If you look at the DKIM section of the headers, it indicates that it is not signed.

  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid

While portions of the header indicate that it is valid, one portion shows amazon.fr, possibly another branch of amazon.

This gentleman is offering me Amazon Business. I get email that greets me by name and talks about Amazon Business, but I’ve not taken advantage of it because I don’t have an interest in it.

This email is a general greeting of Hello. He introduces himself and offers the service.

The HTML message for bullet points is spaced.

The link within the message at the end, when using Shift+F1 or the context key and choosing copy link, shows a safe link that points to amazon.fr, which again is a possible branch of Amazon, yet there is something about the mail that is unsigned.

The final piece that I’m going to give you is the last line of the email. It says: znaahmed@amazonco

Now that isn’t a valid email address! If you were a valid address, you’d put your address in correctly, now wouldn’t you?

Take a look at this, contact amazon and urge them to do something about this type of abuse. Don’t answer calls with this number. I did, was very courteous, yet I now get more phone calls. I believe this gentleman is not an Amazon employee and has taled on their network.

I’ve also sent this to Phishlabs for their review. I probably won’t get a response, but that is OK. I don’t need one. Let the comments begin.
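The checks made by hand in this post can be done mechanically. The script below is an added example written for this page, not code from the blog or from SpamAssassin. It works on a constructed copy of the scored lines from the X-Ham-Report above plus two sample addresses. It parses each scored rule, separates the welcome-list rules (USER_IN_DEF_SPF_WL, DKIMWL_WL_HIGH) from the content rules to show what actually produced the -9.6, reads the DKIM rules in order of strength (DKIM_SIGNED only says a signature is present; DKIM_VALID_AU says it verified against the From domain), lists link domains that do not share the From address’s registrable domain (amazon.fr next to amazon.com; the script cannot tell whether both belong to the same company), and checks whether an address like znaahmed@amazonco is even well formed. The two-label "organizational domain" rule is a simplification flagged in the code.

```python
"""Added example (not from the blog post): read the scored lines of the
SpamAssassin report quoted above and work out what drove the "not spam"
verdict, how far the DKIM result goes, whether a linked domain differs from
the From domain, and whether a reply address is well formed."""
import re

# Constructed sample, mirroring the scored lines in the post's report.
SAMPLE_REPORT = """\
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.
                             [URIs: amazon.fr]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF
                             welcome-list
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender
"""

# A scored line starts with a signed decimal score followed by the rule name;
# indented continuation lines carry no score and are skipped.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z0-9_]+)\s")
URI_LIST = re.compile(r"\[URIs:\s*([^\]]+)\]")
# Plausible address: local part, '@', at least one dotted label, then a TLD.
ADDRESS = re.compile(r"^[^@\s]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def parse_rules(report):
    """Map each rule name in the report to its score, in report order."""
    rules = {}
    for line in report.splitlines():
        m = RULE_LINE.match(line)
        if m:
            rules[m.group(2)] = float(m.group(1))
    return rules


def is_whitelist_rule(name):
    """Welcome-list rules (USER_IN_*_WL, DKIMWL_WL_*) reward the sender, not the content."""
    return name.endswith("_WL") or "_WL_" in name


def total_score(rules):
    return sum(rules.values())


def whitelist_score(rules):
    """Portion of the score granted purely for who the sender is."""
    return sum(v for k, v in rules.items() if is_whitelist_rule(k))


def content_score(rules):
    """What the verdict would rest on without the welcome-list bonuses."""
    return total_score(rules) - whitelist_score(rules)


def dkim_state(rules):
    """DKIM_SIGNED alone says a signature exists; the *_VALID rules say it verified."""
    if "DKIM_VALID_AU" in rules:
        return "valid and aligned with From"
    if "DKIM_VALID" in rules:
        return "valid but not aligned with From"
    if "DKIM_SIGNED" in rules:
        return "signed but not verified"
    return "unsigned"


def uri_domains(report):
    """Domains SpamAssassin extracted from the body's links."""
    found = []
    for group in URI_LIST.findall(report):
        found.extend(d.strip() for d in group.split(",") if d.strip())
    return found


def org_domain(domain):
    # Simplification: last two labels. A real check would use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def foreign_link_domains(report, from_domain):
    """Link domains that do not share the From address's organizational domain."""
    return [d for d in uri_domains(report) if org_domain(d) != org_domain(from_domain)]


def is_plausible_address(addr):
    return bool(ADDRESS.match(addr))


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_REPORT)
    print("total", round(total_score(rules), 1),
          "of which welcome-list", round(whitelist_score(rules), 1))
    print("DKIM:", dkim_state(rules))
    print("links outside From domain:", foreign_link_domains(SAMPLE_REPORT, "amazon.com"))
    print("reply address plausible:", is_plausible_address("znaahmed@amazonco"))
```

Run as-is, the sample totals -9.6, of which -7.5 is the welcome-list bonus for the sender; without it the report would sit at -2.1, still below the 5.0 required but on a much thinner margin, and URIBL_BLOCKED means the link reputation lookup never ran at all.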

Comments (2)

What has been posted on EMHS, updated January 10, 2023

Hello folks,

It’s time to get the blog post ready for publication, which will cover what is new on EMHS. I’ll have all the updates for you, and I hope you enjoy what you find, learn from it and take advantage of it.

Blog posts

We have a few blog posts for you this time, and some we even updated before the cutoff of January 10th at 1500 hours Pacific time.

In some spots last month I didn’t put the publication, so I’ve also fixed that in this update.


Companies and services

I’ve added one new service to the list after doing some consulting about it.

Companies and services of interest

Company or service name: Expand Shortened URLs
Description of company or service: This service allows you to expand shortened links from all kinds of services like goo.gl, is.gd, bit.ly and others. It will show you where the final destination of a link goes. It will not tell you whether it is safe, although it does have Google Safe Browsing alerts available to you. Use this in conjunction with VirusTotal to determine if a link is safe. If you trust where the URL is pointing alone, great! If you still have questions, use VirusTotal’s URL checker. We’ve seen Expand URL say that a link is safe according to Google Safe Browsing while two products on VirusTotal say it is malicious or spam. A link to VirusTotal is in this list and is highly recommended.

Terms

We have no new terms for people today. But, please feel free to check out the entire list and send me terms that you think might need defining. We may add one after this week’s update, but I still need to look up the topic and get it in to notation form before I decide to list it.


Podcasts

Remember, we’re on several networks and they air at different times. The TSB page lists the times of all networks and provides links. All podcasts are on our TSB page.


Other things

Our web site is located here and is called email host security. The goal of the project is educational and allows people to submit things and ask questions. Find contact information through the podcast, and thanks so much for reading, listening and participating!

The site is copyrighted 2022/2023 by the Jared Rimer Network. The site is not for sale and we are not interested in solicitation calls for development services.

By following the links, you’re going there at your own risk. We’ve verified that the link is safe, the service is something we’ve used or know of, but that’s it.

Please send the JRN any questions, comments and concerns.

Comments (0)

This has got to be the worse on social media

According to the current newsletter, Scammers are stepping to a new low.

Ever wanted to do something special for your loved one after something happened to them? Sending them off is probably not the thing to do. Not unless there is a reputable company who will do what you ask for.

A woman in Northern California was contacted through social media and was promised that they would make a portrait out of the ashes of her deceased husband.

After sending the box, the scammers indicated she violated the law and asked for a ransom to get her husband’s ashes back. After refusing to pay, they torment and harass with pictures and threats to trash the remains.

Apparently, this is starting on TikTok, but it wouldn’t surprise me if this appeared on other social media.

Better read up on this one if you can, they’ll stop at nothing to get what they want.

Comments (0)

What do I think about the latest news regarding LastPass?

I was spending some time with the Cyberwire, and yesterday’s episode had updates in regards to the fiasco around LastPass’s breach, which we talked about as the news was coming out.

As I discussed on yesterday’s podcast, I know that I have a strong master password. I also know that I’ve got strong passwords in most cases, and I know I have several that could use improvement.

With that said, I haven’t seen an email from them except that they said they didn’t believe info was taken, however, since this is now out, the fact that they don’t keep the master password, and they set the account for certain iterations to take place, and I at least have two factor on, means that I could be fine.

I know that it was talked about on this week’s security now, and from what I could gather from the notice, Steve has decided to leave Lastpass.

One of my followers and I had a discussion when I last posted about Lastpass. He started this discussion after this blog post from last year.

While I respect the fact that Lastpass was not forthright in telling us about what was going on, I’m sure it is hard to figure out what to tell the public without making yourself look bad. I’m sure they didn’t really know how bad it was, and only a proper investigation can determine what really happened and I know that can take time.

I only saw one blog post on the subject and the email I got linked to that post which I had read and blogged. The problem with updating posts, is that we don’t see those updates, especially if we are on RSS which I am.

This is looking like a more recent blog post which might need to be read.

With that said, Steve said it best. It’s harder to leave and move to another password manager, and unless there’s probable cause, there’s no reason to change.

I’m wondering if that’s the same post I read in December, or was it November? If so, they should do what I do: put new blog posts up so that it’s fresh instead of updating, since RSS is widely used by people.

Based on what I have learned and, as discussed on Twitter, I am not going anywhere. If people have a weak master password, maybe there could be a problem, but I don’t know what is accessible out there, and I started with LastPass.

I do know about Bitwarden, but I don’t know if it works the same, i.e. importing all my notes and things besides my passwords.

I guess we’ll see what happens, but for now, I’m staying here.

Thoughts are welcome; I’d like to hear what people have to say. Am I wrong to stay where I am? If I am, what other managers are out there that support notes, storing credit cards, bank account info, and other types of notes like software licenses and standard notes along with your passwords?

Comments (0)

What has been posted to EMHS this past week

Happy new year folks. Hope you have had a fantastic start to the new year.

I’ve been a bit sluggish, but I’m doing OK. I hope that you’ll enjoy what we have posted here and what I’m going to present to you.


Welcome to the posting we do each week talking about what has been posted to EMHS lately.

It seems like the book never made it in to our list so we’ll try it again.

Blog posts

We’ve started seeing the same things within Kim’s newsletter, i.e., what word not to say to an unsolicited phone call, and I know we covered this before, but it’s OK.

I know that the holidays are a bit slower, so this might not necessarily be a post that will be lengthy.

As a side note, while I have not added this to our services, I may be adding one more to our services and companies section. I digress, so here are the blog posts I’ve posted recently to EMHS’s resources page.

If we have overlapped and we posted some of these in prior lists, I apologize. I haven’t posted anything this year, so I’ll know going forward.

Companies and resources

I have not posted anything lately to this section, but this is going to change. I’ve talked about a service and may have linked them, but I don’t think it’s there. I’ll do some consulting to see if it should be listed, and if so, we’ll make it official. For now, we don’t have anything at this time.

Books

Let’s see if I can get this book in to the list this time since we’re going to cover it this week. If you’ve seen it before, please say something.

  • Renee Dudley and Daniel Golden

Other stuff

I’ve done some cleanup on the TSB page and put some headings in place. This way, people can find what they’re looking for. The first heading separates the intro from the internet radio section and is titled “Internet Radio Airing” (without the quotes), while the second is titled “Other information you need to know” (without the quotes) so you can find things easier. Yes, that may be a run-on sentence, but it’s going to have to do.

As you know, the terms section of the site got a makeover when we alphabetized the list and put the Knowb4 list in its separate section. I feel that this is better as they have a full glossary of stuff that you’ll want.

Podcasts

There were 48 different podcasts in 2022 that we covered under the TSB brand. While we’re on live while this posts, know that the page will be updated after the program completes and the podcast has been put together.

Conclusion

I hope that you’ll be interested to see the articles, even if some were in our prior update.

Thanks so much for reading, listening and participating! We hope to have more people do that this coming year. Have fun learning!

Comments (0)

This must be another great email, see if you can spot what’s wrong

After thinking about this email I got this morning, I think I’ve decided how I’m going to present it.

This email may look like your typical scareware whereby the sender wants you to do something or else something will happen. You’d be right, but what is interesting about this email is that it comes from a support email address. Here’s the email.

The subject is: Re [Reminder] Pending Payment – 417729-2717-757

That’s strange, I didn’t make a payment overnight at 1 am, and the body is definitely something interesting.


Greetings!

I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.

Here is the sequence of events:

Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online). I have easily managed to log in to your email account .

One week later, I have already installed the Cobalt Strike “Beacon” on the Operating Systems of all the devices you use to access your email. It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple. :).

This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list.

My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter.

While gathering information about you, i have discovered that you are a big fan of adult websites. You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure. Well, i have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, colleagues, and relatives. Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you.

I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest.
I guess you don’t want that to happen.

Let’s settle it this way:

You transfer 2.4 Bitcoin to me and once the transfer is received, I will delete all this dirty stuff right away. After that, we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me. I keep my word.

That is a fair deal, and the price is relatively low, considering that I have been checking out your profile and traffic for some time by now. If you don’t know how to purchase and transfer Bitcoin – you can use any modern search engine.

You need to send that amount here Bitcoin wallet:
bc1qfg5hsje7p38e3xvl2qawufjc97w2kcv72ry4kf

(The price is not negotiable).
You have 5 days in order to make the payment from the moment you opened this email.

Do not try to find and destroy my virus! (All your data is already uploaded to a remote server).
Do not try to contact me. Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

This is an APT Hacking Group. Don’t be mad at me, everyone has their own work.
I will monitor your every move until I get paid.
If you keep your end of the agreement, you won’t hear from me ever again.

Everything will be done fairly!
One more thing. Don’t get caught in similar kinds of situations anymore in the future!
My advice: keep changing all your passwords frequently.


This is interesting, they’re giving me advice but my passwords are held in my password manager of choice.

The mailing address of the email just pasted here is: which does not even exist.

The other piece of the headers which also indicates I can’t go to it is a domain claiming to be Microsoft.

That header comes from the envelope:

(envelope-from example.user50@chivunkentertaiment.onmicrosoft.com)

Microsoft doesn’t own onmicrosoft.com and it said I couldn’t go there. The first one gave me an ATT search page.

I’m not afraid of publishing this, because of the fact that they claim they’ve done things yet people would know if something wasn’t working right or sluggish.

I don’t follow links like I used to; this is how something like Cobalt Strike would be installed on the device.

I’m sure I could change my password, but go ahead, share whatever video you have, because it won’t be on my Facebook or other social media. Have fun! You didn’t even tell me who you were, and people who would have data wouldn’t be snooping around for weeks waiting for something people need to do on a regular basis. Have fun, because I don’t have a camera attached to this computer, and the one on my phone doesn’t record unless I open the app. Since I use speech, I’d know if my phone was messed with too. So again, have fun!

Also, have fun because there is no DMARC and DKIM in the headers. It says none on both.
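The three things checked by eye at the end of this post (the envelope sender, the DKIM result and the DMARC result) can be read out of the headers programmatically. The script below is an added example written for this page, not the blog’s code; it uses only the Python standard library `email` parser. Its sample header block is constructed: the envelope-from address is the one quoted above, while the From address, hosts, message ids and Authentication-Results values are invented for illustration. A second constructed block whose checks all pass is included for contrast. Alignment between the From domain and the envelope sender is decided by comparing the last two labels, a simplification marked in the code (real checks consult the Public Suffix List).

```python
"""Added example (not part of the blog post): pull the authentication
results and the envelope sender out of a captured header block and report
what the post checks by eye: the DKIM and DMARC results and whether the
envelope sender domain lines up with the visible From address."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the envelope-from address comes from the post;
# every other value is invented for illustration.
EXTORTION_HEADERS = """\
Return-Path: <example.user50@chivunkentertaiment.onmicrosoft.com>
Received: from mail.sender.invalid (mail.sender.invalid [203.0.113.7])
    by mx.example.net with ESMTP id k7Q2x
    (envelope-from example.user50@chivunkentertaiment.onmicrosoft.com)
Authentication-Results: mx.example.net;
    spf=none smtp.mailfrom=chivunkentertaiment.onmicrosoft.com;
    dkim=none;
    dmarc=none header.from=support-desk.example
From: "Support Desk" <noreply@support-desk.example>
To: <victim@example.org>
Subject: Re [Reminder] Pending Payment - 417729-2717-757

"""

# Constructed contrast case: every check passes and the sender is aligned.
ALIGNED_HEADERS = """\
Received: from out.shop.example (out.shop.example [192.0.2.10])
    by mx.example.net with ESMTP id m4Z9q
    (envelope-from bounces@shop.example)
Authentication-Results: mx.example.net;
    spf=pass smtp.mailfrom=shop.example;
    dkim=pass header.d=shop.example;
    dmarc=pass header.from=shop.example
From: "Shop Orders" <orders@shop.example>
To: <victim@example.org>
Subject: Your order has shipped

"""

AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([A-Za-z]+)")
ENVELOPE_FROM = re.compile(r"\(envelope-from\s+<?([^\s<>)]+)>?\)")


def authentication_results(msg):
    """Per-method result from Authentication-Results; 'absent' if not reported."""
    results = {m: "absent" for m in ("spf", "dkim", "dmarc")}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RESULT.findall(value):
            results[method] = result.lower()
    return results


def envelope_from(msg):
    """Envelope sender from a Received clause, falling back to Return-Path."""
    for received in msg.get_all("Received", []):
        m = ENVELOPE_FROM.search(received)
        if m:
            return m.group(1)
    return msg.get("Return-Path", "").strip().strip("<>") or None


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if addr and "@" in addr else ""


def org_domain(domain):
    # Simplification: last two labels. Real alignment checks use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def assess(raw_headers):
    """Return the parsed signals plus a list of reasons to distrust the mail."""
    msg = message_from_string(raw_headers)
    auth = authentication_results(msg)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    env_domain = domain_of(envelope_from(msg) or "")
    aligned = bool(from_domain) and org_domain(from_domain) == org_domain(env_domain)
    findings = []
    for method in ("dkim", "dmarc"):
        if auth[method] != "pass":
            findings.append(f"{method}={auth[method]}")
    if not aligned:
        findings.append(
            f"envelope sender {env_domain!r} does not match From domain {from_domain!r}")
    return {"auth": auth, "from_domain": from_domain, "envelope_domain": env_domain,
            "aligned": aligned, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("extortion", EXTORTION_HEADERS), ("aligned", ALIGNED_HEADERS)):
        print(label, assess(raw))
```

For the extortion sample the script reports dkim=none, dmarc=none and an envelope sender under onmicrosoft.com that does not match the From domain; the contrast sample produces no findings. A "none" result means no signature or policy was there to check, which is not the same as a failed check, but a mail that asks for money and carries neither is exactly the kind this post describes.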

Comments (0)
