
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




What has been posted to EMHS, week of January 27, 2023

I’m cutting off this week’s updates at 11:30 am on January 23rd. This is what will be posted when EMHS gets updated on the 25th.

Please visit Email Host Security for more.

Blog Posts

We do have a few blog posts, see if something catches your eye or ear.

I may have given you a few more than we needed, but it has been a quiet week in posting to the site.

We’ll be continuing to blog and have continued to blog other stuff of newsy interest, not necessarily for the site though.


Terms

I have added one term to the list. It came about when describing LastPass’s continuing problems. The term is PBKDF2 and it is listed in the alphabetic list. PBKDF2 will be covered in a future podcast in March.


Companies and services

We’ve got no new companies and services, but we did post to the blog a very interesting recent article from the Malwarebytes blog. The topic it covers should probably be no surprise to many.


Podcasts

Our podcasts section got podcast 127 as it usually does, the same day it normally gets released to the public. The blog normally gets it the next day, but we got it up there the same day too.

Books

I’ll be sending Nick a list of authors to look up their books. If any one of them matches what we’re trying to do for EMHS, we’ll add it to this list. Since we don’t have any new books, make sure you check out the list, as it covers things we’ve been talking about for quite a while.


In conclusion, we’re trying to provide this as a resource. Please feel free to support the project by sending resources of interest you wish us to look at. Thanks so much for reading and participating! Without you, we can’t do this alone.

Comments (0)

A possible fraudster posing as Amazon on the loose

Hello folks,

Today, I got yet another call and email from someone claiming to be an account manager at Amazon. The phone number is a 204 telephone number. That number is: +1 204-515-6163, which belongs to Canada.

Here are the headers of the message I got.


Return-Path: prvs=3706eb91e=znaahmed@amazon.com
Delivered-To:
Received: from cp1-daltx.nocwest.net
    by cp1-daltx.nocwest.net with LMTP
    id YHX3IyLMwWM/GAAAcL4iug
    (envelope-from prvs=3706eb91e=znaahmed@amazon.com)
    for jared@personal.jaredrimer.net; Fri, 13 Jan 2023 16:24:50 -0500
Return-path: prvs=3706eb91e=znaahmed@amazon.com
Envelope-to:
Delivery-date: Fri, 13 Jan 2023 16:24:50 -0500
Received: from smtp-fw-33001.amazon.com ([207.171.190.10]:21944)
    by cp1-daltx.nocwest.net with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.96)
    (envelope-from prvs=3706eb91e=znaahmed@amazon.com)
    id 1pGRXg-0001fp-1j
    for ; Fri, 13 Jan 2023 16:24:50 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
  t=1673645089; x=1705181089;
  h=from:to:subject:date:message-id:mime-version;
  bh=1i0fnNhg8UFsIxYrYxKnZvkvXGSalzmivrtSmAol8CA=;
  b=ajG1BxJsdvYKlp0arQZbIrwRqBTDwJW2HR1jPA8axoqJKiZKrdbZxFe9
   SSf9i7fadCXpwFIyy6dKtYRVOHFzF7V7dnYM3k5tSdQAf6F+LkO7kteuz
   CbGPCs0nJUAzWKIDmAJhdgnF/Y/74czdwDca+RjvtKU1vljf1a6NY4zaq
   U=;
X-Amazon-filename: image001.png
X-IronPort-AV: E=Sophos;i="5.97,214,1669075200";
   d="png'150?scan'150,208,217,150";a="255036661"
Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-b404fda3.us-east-1.amazon.com) ([10.43.8.6])
  by smtp-border-fw-33001.sea14.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jan 2023 21:24:02 +0000
Received: from EX13MTAUWB001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38])
    by email-inbound-relay-iad-1d-m6i4x-b404fda3.us-east-1.amazon.com (Postfix) with ESMTPS id F20FD83140
    for jared@personal.jaredrimer.net; Fri, 13 Jan 2023 21:24:01 +0000 (UTC)
Received: from EX19D001UWA004.ant.amazon.com (10.13.138.251) by
 EX13MTAUWB001.ant.amazon.com (10.43.161.207) with Microsoft SMTP Server (TLS)
 id 15.0.1497.45; Fri, 13 Jan 2023 21:24:01 +0000
Received: from EX19D001UWA004.ant.amazon.com (10.13.138.251) by
 EX19D001UWA004.ant.amazon.com (10.13.138.251) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.7;
 Fri, 13 Jan 2023 21:24:01 +0000
Received: from EX19D001UWA004.ant.amazon.com ([fe80::2a53:56d5:307c:7d5]) by
 EX19D001UWA004.ant.amazon.com ([fe80::2a53:56d5:307c:7d5%5]) with mapi id
 15.02.1118.020; Fri, 13 Jan 2023 21:24:01 +0000
From: "Nasser, Ahmed [C]" znaahmed@amazon.com
To: jared@personal.jaredrimer.net
Subject: Amazon Business
Thread-Topic: Amazon Business
Thread-Index: AdknlVrsCU59DjAszkO0V7StRi4lpA==
Date: Fri, 13 Jan 2023 21:24:01 +0000
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.197.94.146]
Content-Type: multipart/related;
    boundary="004_222324030813470790d1510920740662amazoncom";
    type="multipart/alternative"
MIME-Version: 1.0
Precedence: Bulk
X-Spam-Status: No, score=-9.6
X-Spam-Score: -95
X-Spam-Bar: ---------
X-Ham-Report: Spam detection software, running on the system "cp1-daltx.nocwest.net",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Hello , My name is Ahmed , account manager from Amazon Business.
    I am contacting you today because you are currently using a Consumer account
    which only allows you to purchase at retail prices.
 Content analysis details:   (-9.6 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: amazon.fr]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF
                             welcome-list
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender
X-Spam-Flag: NO


According to the Abuse IP database the IP 207.171.190.10 does belong to Amazon and is being used as a transit IP.

If you look at the DKIM section of the headers, it indicates that it is not signed.

  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid

While portions of the header indicate that it is valid, one portion shows amazon.fr, possibly another branch of Amazon.

This gentleman is offering me Amazon Business. I get email that greets me by name and talks about Amazon Business, but I’ve not taken advantage of it because I don’t have an interest in it.

This email is a general greeting of Hello. He introduces himself and offers the service.

The HTML message for bullet points is spaced.

The link within the message at the end, when using Shift+F1 or the context key and choosing copy link, shows a safe link that points to amazon.fr, which again is a possible branch of Amazon, yet there is something about the mail that is unsigned.

The final piece that I’m going to give you is the last line of the email. It says: znaahmed@amazonco

Now that, isn’t a valid email address! If you were a valid address, you’d put your address in correctly, now wouldn’t you?

Take a look at this, contact amazon and urge them to do something about this type of abuse. Don’t answer calls with this number. I did, was very courteous, yet I now get more phone calls. I believe this gentleman is not an Amazon employee and has taled on their network.

I’ve also sent this to Phishlabs for their review. I probably won’t get a response, but that is OK. I don’t need one. Let the comments begin.

Comments (2)
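Each SpamAssassin rule name in the X-Ham-Report above records a separate check, so reading them together shows what the receiving server concluded about SPF and DKIM. The following is an added example, not part of the original post: the rule lines are copied from the headers above with wrapping normalized, and the function names are assumptions of this example.

```python
import re

# Rule lines copied from the X-Ham-Report header quoted in the post above.
REPORT = """\
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: amazon.fr]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -7.5 USER_IN_DEF_SPF_WL     From: address is in the default SPF
                             welcome-list
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender
"""

# A rule line is "<score> <RULE_NAME> <description>"; anything else that is
# not blank is a wrapped continuation of the previous description.
RULE_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")


def parse_hits(report):
    """Return one dict per rule hit, with wrapped descriptions rejoined."""
    hits = []
    for line in report.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append({"score": float(m.group(1)),
                         "rule": m.group(2),
                         "text": m.group(3).strip()})
        elif hits and line.strip():
            hits[-1]["text"] += " " + line.strip()
    return hits


def spf_verdict(names):
    """Map the SPF_* rule that fired to a short verdict."""
    for rule, verdict in (("SPF_PASS", "pass"), ("SPF_FAIL", "fail"),
                          ("SPF_SOFTFAIL", "softfail"),
                          ("SPF_NEUTRAL", "neutral"), ("SPF_NONE", "none")):
        if rule in names:
            return verdict
    return "not reported"


def dkim_verdict(names):
    """DKIM_SIGNED only says a signature exists; the other rules say if it verified."""
    if "DKIM_SIGNED" not in names:
        return "unsigned"
    if "DKIM_INVALID" in names:
        return "signed, invalid"
    if "DKIM_VALID_AU" in names:
        return "valid, matches author (From:) domain"
    if "DKIM_VALID" in names:
        return "valid, other domain"
    return "signed, not verified"


def summarize(report):
    hits = parse_hits(report)
    names = {h["rule"] for h in hits}
    strongest = min(hits, key=lambda h: h["score"], default=None)
    return {
        "total": round(sum(h["score"] for h in hits), 1),
        "spf": spf_verdict(names),
        "dkim": dkim_verdict(names),
        # The rule that pushed the score furthest toward "not spam".
        "strongest_ham_rule": strongest["rule"] if strongest else None,
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT).items():
        print(f"{key}: {value}")
```

Here USER_IN_DEF_SPF_WL alone accounts for -7.5 of the -9.6 total, so the low score reflects trust in the sending domain and not a judgement of the message body.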

What has been posted on EMHS, updated January 10, 2023

Hello folks,

It’s time we get the blog post ready for publication which will cover what is new on EMHS. I’ll have all the updates for you, and I hope you enjoy what you find and may learn and take advantage of.

Blog posts

We have a few blog posts for you this time, and some we even updated before the cutoff of January 10th at 1500 hours Pacific time.

In some spots last month I didn’t put the publication, so I’ve also fixed that in this update.


Companies and services

I’ve added one new service to the list after doing some consulting about it.

Companies and services of interest

Company or service name | Description of company or service
Expand Shortened URL’s | This service allows you to expand shortened links from all kinds of services like goo.gl, is.gd, bit.ly and others. It will show you where the final destination of a link goes to. It will not tell you whether it is safe, although it does have Google Safe Browsing alerts available to you. Use this in conjunction with Virus Total to determine if a link is safe. If you trust where the URL is pointing to alone, great! If you still have questions, use Virus Total’s URL checker. We’ve seen Expand URL say that it is safe according to Google Safe Browsing, but 2 products from Virus Total may say it is malicious or spam. A link to Virus Total is in this list and is highly recommended.

Terms

We have no new terms for people today. But, please feel free to check out the entire list and send me terms that you think might need defining. We may add one after this week’s update, but I still need to look up the topic and get it in to notation form before I decide to list it.


Podcasts

Remember, we’re on several networks and they air at different times. The TSB page lists the times of all networks and provides links. All podcasts are on our TSB page.


Other things

Our web site is located here and is called email host security. The goal of the project is educational and allows people to submit things and ask questions. Find contact information through the podcast, and thanks so much for reading, listening and participating!

The site is copyrighted 2022/2023 by the Jared Rimer Network. The site is not for sale and we are not interested in solicitation calls for development services.

By following the links, you’re going there at your own risk. We’ve verified that the link is safe, the service is something we’ve used or know of, but that’s it.

Please send the JRN any questions, comments and concerns.

Comments (0)

This has got to be the worst on social media

According to the current newsletter, scammers are stepping to a new low.

Ever wanted to do something special for your loved one after something happened to them? Sending them off is probably not the thing to do. Not unless there is a reputable company who will do what you ask for.

A woman in Northern California was contacted through social media and was promised that they would make a portrait out of the ashes of her deceased husband.

After sending the box, the scammers indicated she violated the law and asked for a ransom to get her husband’s ashes back. After refusing to pay, they torment and harass with pictures and threats to trash the remains.

Apparently, this is starting on TikTok, but it wouldn’t surprise me if this appeared on other social media.

Better read up on this one if you can, they’ll stop at nothing to get what they want.

Comments (0)

What do I think about the latest news regarding LastPass?

I was spending some time with the Cyberwire and yesterday’s episode had updates in regards to the fiasco around LastPass’s breach which we talked about as the news was coming out.

As I discussed on yesterday’s podcast, I know that I have a strong master password. I also know that I’ve got strong passwords in most cases, and I know I have several that could use improvement.

With that said, I haven’t seen an email from them except that they said they didn’t believe info was taken, however, since this is now out, the fact that they don’t keep the master password, and they set the account for certain iterations to take place, and I at least have two factor on, means that I could be fine.

I know that it was talked about on this week’s Security Now, and from what I could gather from the notice, Steve has decided to leave LastPass.

One of my followers and I had a discussion when I last posted about Lastpass. He started this discussion after this blog post from last year.

While I respect the fact that Lastpass was not forthright in telling us about what was going on, I’m sure it is hard to figure out what to tell the public without making yourself look bad. I’m sure they didn’t really know how bad it was, and only a proper investigation can determine what really happened and I know that can take time.

I only saw one blog post on the subject and the email I got linked to that post which I had read and blogged. The problem with updating posts, is that we don’t see those updates, especially if we are on RSS which I am.

This is looking like a more recent blog post which might need to be read.

With that said, Steve said it best. It’s harder to leave and move to another password manager, and unless there’s probable cause, there’s no reason to change.

I’m wondering if that’s the same post I read in December or was it November? If so, they should do what I do. Put new blog posts up so that it’s fresh instead of updating, since RSS is widely used by people.

Based on what I have learned and the fact that as discussed on twitter, I am not going anywhere. If people have a weak master password, maybe there could be a problem, but I don’t know what is accessible out there and I started with Lastpass.

I do know about Bitwarden but I don’t know if it works the same, i.e. importing all my notes and things besides my passwords.

I guess we’ll see what happens, but for now, I’m staying here.

Thoughts are welcome, I’d like to hear what people have to say. Am I wrong to stay where I am? If I am, what other managers are out there that support notes, storing credit cards, bank account info, other types of notes like software licenses and standard notes along with your passwords?

Comments (0)

What has been posted to EMHS this past week

Happy new year folks. Hope you have had a fantastic start to the new year.

I’ve been a bit sluggish, but I’m doing ok. I hope that you’ll enjoy what we have posted here and what I’m going to present to you.


Welcome to the posting we do each week talking about what has been posted to EMHS lately.

It seems like the book never made it in to our list so we’ll try it again.

Blog posts

We’ve started seeing the same things within Kim’s newsletter, i.e. what word not to say to an unsolicited phone call, and I know we covered this before but it’s OK.

I know that the holidays are a bit slower, so this might not necessarily be a post that will be lengthy.

As a side note, while I have not added this to our services, I may be adding one more to our services and companies section. I digress, so here are the blog posts I’ve posted recently to EMHS’s resources page.

If we have overlapped and we posted some of these in prior lists, I apologize. I haven’t posted anything this year, so I’ll know going forward.

Companies and resources

I have not posted anything lately to this section, but this is going to change. I’ve talked about a service and may have linked them but I don’t think it’s there. I’ll do some consulting to see if it should be listed, and if so, we’ll make it official. For now, we don’t have anything at this time.

Books

Let’s see if I can get this book in to the list this time since we’re going to cover it this week. If you’ve seen it before, please say something.

  • Renee Dudley and Daniel Golden

Other stuff

I’ve done some cleanup on the TSB page and put some headings in place. This way, people can find what they’re looking for. The first heading separates the intro from the internet radio section and is titled “Internet Radio Airing” (without the quotes) while the second is titled “Other information you need to know” (without the quotes) so you can find things easier. Yes, that may be a run on sentence, but it’s going to have to do.

As you know, the terms section of the site got a makeover when we alphabetized the list and put the KnowBe4 list in its separate section. I feel that this is better as they have a full glossary of stuff that you’ll want.

Podcasts

There were 48 different podcasts in 2022 that we covered under the TSB brand. While we’re on live while this posts, know that the page will be updated after the program completes and the podcast has been put together.

Conclusion

I hope that you’ll be interested to see the articles, even if some were in our prior update.

Thanks so much for reading, listening and participating! We hope to have more people do that this coming year. Have fun learning!

Comments (0)

This must be another great email, see if you can spot what’s wrong

After thinking about this email I got this morning, I think I’ve decided how I’m going to present it.

This email may look like your typical scareware whereby the sender wants you to do something or else something will happen. You’d be right, but what is interesting about this email is that it comes from a support email address. Here’s the email.

The subject is: Re [Reminder] Pending Payment – 417729-2717-757

That’s strange, I didn’t make a payment overnight at 1 am, and the body is definitely something interesting.


Greetings!

I have to share bad news with you. Approximately a few months ago, I gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities.

Here is the sequence of events:

Some time ago, I purchased access to email accounts from hackers (nowadays, it is quite simple to buy it online). I have easily managed to log in to your email account .

One week later, I have already installed the Cobalt Strike “Beacon” on the Operating Systems of all the devices you use to access your email. It was not hard at all (since you were following the links from your inbox emails). All ingenious is simple. :).

This software provides me with access to all your devices controllers (e.g., your microphone, video camera, and keyboard).
I have downloaded all your information, data, photos, videos, documents, files, web browsing history to my servers. I have access to all your messengers, social networks, emails, chat history, and contacts list.

My virus continuously refreshes the signatures (it is driver-based) and hence remains invisible for antivirus software. Likewise, I guess by now you understand why I have stayed undetected until this letter.

While gathering information about you, i have discovered that you are a big fan of adult websites. You love visiting porn websites and watching exciting videos while enduring an enormous amount of pleasure. Well, i have managed to record a number of your dirty scenes and montaged a few videos, which show how you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse, and all your videos will be shared with your friends, colleagues, and relatives. Considering the specificity of the videos you like to watch (you perfectly know what I mean), it will cause a real catastrophe for you.

I also have no issue at all with making them available for public access (leaked and exposed all data).
General Data Protection Regulation (GDPR): Under the rules of the law, you face a heavy fine or arrest.
I guess you don’t want that to happen.

Let’s settle it this way:

You transfer 2.4 Bitcoin to me and once the transfer is received, I will delete all this dirty stuff right away. After that, we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices. Trust me. I keep my word.

That is a fair deal, and the price is relatively low, considering that I have been checking out your profile and traffic for some time by now. If you don’t know how to purchase and transfer Bitcoin – you can use any modern search engine.

You need to send that amount here Bitcoin wallet:
bc1qfg5hsje7p38e3xvl2qawufjc97w2kcv72ry4kf

(The price is not negotiable).
You have 5 days in order to make the payment from the moment you opened this email.

Do not try to find and destroy my virus! (All your data is already uploaded to a remote server).
Do not try to contact me. Various security services will not help you; formatting a disk or destroying a device will not help either, since your data is already on a remote server.

This is an APT Hacking Group. Don’t be mad at me, everyone has their own work.
I will monitor your every move until I get paid.
If you keep your end of the agreement, you won’t hear from me ever again.

Everything will be done fairly!
One more thing. Don’t get caught in similar kinds of situations anymore in the future!
My advice: keep changing all your passwords frequently.


This is interesting, they’re giving me advice but my passwords are held in my password manager of choice.

The mailing address of the email just pasted here is: which does not even exist.

The other piece of the headers which also indicates I can’t go to it is a domain claiming to be Microsoft.

That header comes from the envelope:

(envelope-from example.user50@chivunkentertaiment.onmicrosoft.com)

Microsoft doesn’t own onmicrosoft.com and it said I couldn’t go there. The first one gave me an ATT search page.

I’m not afraid of publishing this, because of the fact that they claim they’ve done things yet people would know if something wasn’t working right or sluggish.

I don’t follow links like I used to, this is how something like Cobalt Strike would be installed on the device.

I’m sure I could change my password, but go ahead, share whatever video you have because it won’t be on my Facebook or other social media. Have fun! You didn’t even tell me who you were and people who would have data wouldn’t be snooping around for weeks waiting for something people need to do on a regular basis. Have fun because I don’t have a camera attached to this computer, and the one on my phone doesn’t record unless I open the app. Since I use speech, I’d know if my phone was messed with too. So again, have fun!

Also, have fun because there is no DMARC and DKIM in the headers. It says none on both.

Comments (0)
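The DKIM and DMARC results mentioned at the end of the post above are normally recorded by the receiving server in an Authentication-Results header, and only the copy written by your own server should be believed. The following is an added example, not part of the original post: the sample message is constructed, only the envelope-from address and the "none" results come from the post, and mx.example.net, relay.untrusted.example and sender.example are placeholders. The domain comparison is an exact match, which is simpler than real DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (see the lead-in for what is taken from the post).
SAMPLE = """\
Return-Path: <example.user50@chivunkentertaiment.onmicrosoft.com>
Authentication-Results: mx.example.net;
 dkim=none (message not signed);
 dmarc=none header.from=sender.example
Authentication-Results: relay.untrusted.example; dkim=pass header.d=sender.example
From: Support <support@sender.example>
Subject: Re [Reminder] Pending Payment

(body omitted)
"""


def auth_results(raw, trusted_authserv):
    """Return {method: result} from headers written by trusted_authserv only.

    Any relay, including the sender, can add an Authentication-Results
    header, so copies carrying another authserv-id are ignored.
    """
    results = {}
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop parenthesised comments.
        value = re.sub(r"\([^)]*\)", "", " ".join(value.split()))
        authserv, _, rest = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted_authserv.lower():
            continue
        for part in rest.split(";"):
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def domain_of(address):
    """Domain part of an address header value, lower-cased."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def triage(raw, trusted_authserv):
    """List the authentication gaps a reader of the headers would note."""
    msg = message_from_string(raw)
    res = auth_results(raw, trusted_authserv)
    findings = []
    if res.get("dkim", "none") == "none":
        findings.append("no DKIM signature")
    if res.get("dmarc", "none") == "none":
        findings.append("no DMARC result for the From: domain")
    env_dom = domain_of(msg.get("Return-Path", ""))
    from_dom = domain_of(msg.get("From", ""))
    if env_dom and from_dom and env_dom != from_dom:
        findings.append(
            f"envelope-from domain {env_dom} differs from From: domain {from_dom}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, "mx.example.net"):
        print(finding)
```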

What has been posted on EMHS the past week

As I write this, it’s December 26, 2022. We have been doing quite a bit during the Christmas break, and we hope you enjoy the updates for this week.

The terms section has gotten a lift. We’ve added a new term, but we also alphabetized the list.

We moved the KnowBe4 larger list of terms to its own section.

There is also another larger list of terms that you might be interested in. Thanks to the folks at KnowBe4 and the rooms I had been in on Clubhouse, they were doing this and talking about some of the terms within the list. It’s a great resource. Maybe you’ll find something you didn’t know that will help you!


Books

We added one more book that we found, thanks to podcasts.

If this book has been posted once before, sorry about that! Just want to make sure that I cover everything.


Blog posts

The blog posts have been few, but that’s OK. I’ve seen one that I thought I covered so I passed.


Companies and services

There are no new companies and services that we’ve added as of late.


Have you seen something we’ve not added? Send me a note and let me know what you’d like posted that you’ve learned.

Thanks for listening and reading. Learn with us, there’s so much to learn.

Comments (0)

Hacked Ring cameras were used to record swatting victims, should we be concerned when other cameras lie about their security practices?

Hello everyone,

I recently read some good news coming out of Krebs on Security. It talks about two men arrested recently for swatting victims and using their Ring cameras to taunt police and cause trouble.

Should we really be worried about hacked cameras when a company like Anker can lie about their privacy practices?

blog post leading to article and blog post leading to podcast 124 of tsb

When you listen to podcast 124, you’ll need the first hour where we talk about this in our news section.

Let me say that I’m happy that there may be justice that will come from this article titled Hacked Ring Cams Used to Record Swatting Victims. While swatting is not necessarily a good thing on its own, these suspects taunted police through the hacked cameras which made it much more dangerous in my opinion.

We’ve got plenty of blog posts covering swatting but it is still going on.

This blog post links to an article where the swatter only gets 1 year in jail for doing the crime. This blog post talks about me reading a book and learning that a blind swatter got 135 months in jail. That’s roughly 11 years, and I understand this individual is out.

In one of the other linked articles, the actor only got 5 years. There’s plenty to read on the Krebs article linked here, including that one of the suspects was bragging on Discord, another social media platform.

Both suspects were in different parts of the United States, says the article.

Again, we want to bring to you what’s going on in this industry, and swatting, while not as big as ransomware, can still be a problem.

Again, the article is titled Hacked Ring Cams Used to Record Swatting Victims and it comes from Krebs on Security.

I’d suggest a read, learn how you can make sure your camera is as safe as possible, and learn. Only have the video for you, not for everyone else to see or commandeer.

Thanks for reading, and have a happy holiday season! This will be the last blog post until after the Christmas holiday. We’ll continue to blog but post stuff after the holidays to allow you to have time to spend with friends and family. Make a great weekend!

Comments (0)

Accessibility of 1Password, what’s the update?

I was on AppleVis, a site talking about iOS, the Mac, and other Apple products and accessibility of apps.

I came across this forum discussion letting people know of 1Password and its step backwards on accessibility.

LastPass went through a phase. This blog post talks about LastPass getting an award and of course improving keyboard access for their disabled customers. I still have issues when adding something via the site, I did that within the past year unsuccessfully, or somewhat with some difficulty.

I still don’t know if the other apps are accessible, and the comments are right. We need to give the company some time to fix what they broke. 3.x was accessible in LastPass, and somewhat broke in 4. They had to fix it.

I’m not saying LastPass, Bitwarden, KeePass or any other password manager is good when I haven’t used most of them, I’m saying that there is choice and people will want to use what works for them.

In the comments, I saw someone only using apple keychain. I have it too, in certain situations, but it isn’t cross platform.

I signed up for a service recently, and found that apple keychain had the password, but lastpass did. Apple Keychain chose a password and saved it for me, it didn’t ask if I wanted to use Lastpass for generation and saving.

What have others used and what issues have you had with the manager you chose?

Comments (0)

The top 10 passwords of 2022 are

So … I’m looking at komando.com and their various emails I’m on. In the newsletter I’ve spotted it says that the top 10 passwords for 2022 are now out, thanks to research.

Here is the list.

  1. Password
  2. 123456 
  3. 123456789 
  4. guest 
  5. qwerty 
  6. 12345678 
  7. 11111112345
  8.  12345
  9. Col123456
  10. 123123

Number 8 is spelled c o l and its number for those of us using screen readers.

Should I honestly be surprised that password is the number one password and qwerty (q w e r t y) still being in this list?

I’m not going to assume that these two very easy passwords may be used by anyone I know, and this is not a post that is targeting anyone. If anything, this is a post to show you the trends.

One of the most common passwords that are also used in pop culture is batman, according to the newsletter. That paragraph says:

Hackers can crack these passwords in less than 10 seconds. The same goes for pop culture passwords. Get this: 2.5 million people used “Batman” as a password — and I’ll bet Bruce Wayne would be pretty disappointed with that.

The next paragraph states:

The billionaire genius would definitely know to use a mix of letters, numbers and symbols. He’d probably follow my golden rule: Come up with a unique phrase and replace the letters with unique symbols only you know.

For example, if your phrase was something like “My dog, Fluffy is one of the best dogs ever” you’d want to change some things only you’d know that would make the password stronger and unique to you.

This way, if you happened to give out your password, you’d say it in words, yet don’t give your secrets and you’re still safe.

Frankly, I don’t know if I’d use something like that, as I might forget it. I have used a password manager like LastPass for quite a while now, and for things I need secured, I chose a password from it.

Let’s learn together shall we? Enjoy, and make it a great day.

Comments (0)

Have I been Pwned to be added to EMHS

With this week’s update, we’re adding Have I Been Pwned (poned) to our companies and resources list.

There are a number of resources this page has including a password checker, domain checker, a list of top breached sites and newest breaches.

You’re never shown any passwords and the information is loaded in to the site through information gathering and reports and confirmations.

This is a great resource that people should have. Don’t be scared by going to it, and yesterday’s Throwback Saturday Night talks about this among other things the group and I chose to talk about.

I hope that this resource is of value, and make it a great day.

Comments (0)

Freshbooks being bait for phishing, please be warned if you’re a customer of the JRN

I was looking at my notifications, and it’s a good thing that I follow FreshBooks on my phone!

They are the company I have chosen to handle my billing for customers and the company with links to the donations that you can pay by credit card on my site.

Today, they released the following tweets and they’ve replied to folks sending screen shots of email they’ve gotten.

Here are those tweets.

FreshBooks: We’re aware of an incident involving spam emails impersonating FreshBooks. FreshBooks emails come from @ http://freshbooks.com or @ .freshbooks.com. If you get emails from other senders, mark as spam and delete. No account info has been compromised—this is phishing.

FreshBooks: For more information on how to identify phishing emails, check out this post: https://www.freshbooks.com/blog/phishing-emails

How to Identify Phishing & Spoofed Emails is the article title.

I will be sending this blog post to my customers, as they are FreshBooks customers by being billed.

Thanks for reading!

Comments (0)

Job warning: I think these are scams

Hello folks,

Just want to pass along a note that I’m seeing job postings delivered to me at the network address for live chat positions starting at $.50 a minute. I looked at one link, and it isn’t a link to a company, based on the subdomain and the long lengthy string at the end of the URL.

I know that actors are trying to get as much information from people as possible, and part of that is information that you would give as part of a job application or even during the hiring process.

I believe the one URL I looked at belongs to the TLD .live, which is relatively new.

If an article comes out about this type of thing, I’ll be sure to post it if it comes across my desk.

Thanks so much for reading, make it a great day!

Comments (0)

Blog posts talking about the landscape

Hello folks,

There are tons of articles out there, and now they’re known as blog posts. Today, I want to share all of the posts, some of which came from this blog, as well as others we’ve blogged about in other articles.

While I’ve sent quite a bit to TSB’s list, I know that not everything matches what EMHS is being built to have.

If you find an article that you think fits what the site is trying to pass along, please send me an email to tech at menvi.org and/or post the article directly to TSB’s email list. A link to that list is on this blog in the blogroll.

The articles here represent what’s going on or what has been seen. While I have sources, different sources cover things differently, so please subscribe to TSB and share those articles. I’ll do my best to make sure I read everything, no matter how busy I am. I’ve neglected quite a bit, and I know that every article is important, especially for a service like what EMHS is being built to have.

Please let me know what other sources I should follow, or send the articles to our list or to me directly.

Thanks for helping EMHS grow!

Comments (0)

Books found talking about the landscape

Hello folks,

As I’ve stated, I’m working on Email Host Security and now it’s time for books.

While I wanted to talk about Spam Nation by Brian Krebs as part of the book series, it is an older book, and it talked about past things.

Below, please find the authors and books I’ve read, or am currently still reading.

There are always more, and I know that links are to Amazon. In the list I’ve compiled and we talked about, only one book is on Bard.

This is one reason why we need other services like Bookshare to assist. Some of these books may be there.

All of these books are on Apple Books in print and audio.

If you have read a book similar to the ones listed herein, let’s gather them and make our list worth sharing.

Please send me an email at tech at menvi.org with the title(s) of the book(s) and the author(s) as well.

I want this to be a resource for people to learn from what the books have to say.

Thanks for making this successful! This comes directly from our EMHS resources page.

  • Mark Russinovich
  • Scott Schober
  • Kim Zetter
  • Mikko Hyppönen

Comments (0)

    The companies and services we’ve found of interest

    While I’ve been working on email host security I’ve found companies that might be of interest as well as services to use to help us be safe in what we do.

    While the JRN can’t vouch for every single company and service on its accessibility, we want people to know what is out there. We made this into a table where the company and description are given.

    If you’ve found a company that made you more secure in what you do, whether it’s a virus scanner, malware checker, or otherwise helped you in some way, send me an email at tech at menvi.org and give me a list of what you’ve used and include a URL to the company.

    Below, find the table as found on our resources page. Note that we can’t include everyone, but ones that have helped you or ones we know about. There are always new companies out there, so let us know what you find.

    Companies and services of interest

    Company or service name | Description of company or service
    Phish Labs by Help Systems | Phishlabs was started after a security engineer turned product engineer found that he could take Phishing sites down, but they came back up shortly after. Phishlabs runs a blog that talks about the landscape as well as protecting large companies and their brands from impersonation attacks as well as other attacks they might face. They may reach out to other companies if they detect something that needs to be taken down. The heading on the home page says it all. It says: “Digital Risk Protection through curated threat intelligence and complete mitigation.”
    Virus Total | Virus Total is a service where you can send files and URLs for analysis. The site will return any negative results, telling you what might be a problem so you can be informed about what you receive. For best results if using screen readers, the JRN recommends you use Chrome.
    Trend Micro | Trend Micro is one of the leading antivirus companies. They’ve been in business for at least 30 years if not longer. They’ve got products for home, business and more. They even have a free product called house call which works with the main hard drive to find problems.
    F-Secure | F-Secure is one of the leading antivirus products that has also been around for at least 30 years. While the JRN has no experience with this suite of products, they have a lot going for them. One of their employees has worked for them before they became F-Secure and has recently written a book.
    Malware Bytes | Malwarebytes is one of the most accessible pieces of software out there to protect you from malware and ransomware. The price is pretty reasonable and it seems to do a great job. They’ve been around for quite a number of years, and are recommended in the blind community. Their slogan on the home page in heading says: “CYBERSECURITY. FOR EVERY ONE.”
    Know Before: Security Awareness training | Know before (knowbe4) is a company out there providing training on the different aspects of security including phishing. They’ve had clubhouse rooms that I enjoyed where we talked security and scams of interest. Please check them out, as some things may be free to get.

    Note that these are the ones I know about. There may be some you have used that you know about that aren’t listed here. Let’s get these resources together and I can update this list on the EMHS web site.

    Comments (0)

    The terms so far we’ve found to define

    While I’ve worked on Email Host Security, the site where I hope people can learn, I’ve found some terms (whether defined by Wikipedia or other sources) that may be of interest.

    In this blog post, I want to share the terms, and if applicable, where they were gotten from.

    If you feel that I’m missing a term, I want to hear from folks. Without your help, we can’t know what’s missing on our own.

    Here’s the list taken directly from EMHS’s resources page. Note: if there is nothing after the entry, we got the term defined by Wikipedia.

    I want to make sure we cover as many as we can because they come up as part of our landscape we live in today. One of the resources is to Know Before, a company that does teaching.

    I’ll be posting the companies and services later on to see if we’re missing any company or service that you feel should be there later.

    For now, peruse this list, and send me an email at tech at menvi.org and let me know what’s missing.

    Thanks for helping us stay as secure as possible!

    Comments (0)

    Don’t visit the site in this post, Google and Chrome have warnings and tools can verify this too

    Remember when Komando posted about not ignoring warnings that the browser puts up to try and protect you? Well, I have a perfect example of this.

    Do not visit this page, or if you do, you’ll get warnings.

    I just was looking at my email and saw an email about my Norton Subscription. OK, it’s spam, I say, because I don’t have Norton on this computer. All it leads to is a link and a bunch of nonsensical text as spam goes. Checked the email address and it’s coming from that same domain.

    What’s the domain, you ask? It’s heatwell.email.

    Namecheap is one such registrar that sells .email domains. For searching purposes, I looked my name up and under more domains after the large list of ones they offer, you can select more and I found jaredrimer.email for sale. No, I’m not buying it, but it is a new domain.

    While I only used two services which I have bookmarked, there is no WHOIS information available for this domain. One of my favorite services, which we’ve not talked about, says that it is resolved to an IP which is not in the database of abused IP addresses. Since Google and Chrome know it’s malicious, there’s nothing for me to do.

    According to Virus Total, 4 vendors flag it as malicious. Its status is 403. All four of the vendors, listed in alphabetical order, say it’s phishing. Google Safe Browsing on Firefox and Google Chrome will not let you visit it. Not without jumping through hoops anyway.

    Its last analysis was 7 days ago (UTC time).

    While one service for reporting abusive IP addresses says it is a 172 IP range, Virus Total under details shows a 104 IP range. I’m not going to give the info, I’m just showing you what these tools offer.
    The rest of the tabs yield nothing of value, but are worth looking at.

    This is why it is important to check things out before visiting pages, as in this case, both browsers I use on the PC side told me it’s a problem, but some sites I’ve seen do not.

    I did not link to the page and I am posting this to show you what I’m seeing.

    If there are questions, please get in touch. Thanks for reading, and make it a great day!

    Comments (0)

    Email host security is now up and running!

    For Immediate Release:
    Jared Rimer
    Woodland Hills, California
    818-921-4976 (phone)
    804-442-6975 (text/WhatsApp)
    www.jaredrimer.net (website)

    November 6, 2020 was a very interesting day. I woke up to an email that seemed quite interesting, but yet suspicious at the same time. The email claimed that I was going to lose my email address unless I confirmed its details. The problem was, and still is, that I control the domain and there is a control panel that allows me to create and remove email addresses at will.

    As explained in the blog post on emailhostsecurity.com when you go to it, this email didn’t seem to have a valid name, and just looked spammy.

    The email said there was unusual log in activity and if you look closely, it appears that things are on the up and up, correct? If you didn’t know better, the answer was yes.

    Look at the link in the blog post. It was http://emailhostsecurity.com/?page_id=26 which is unlinked and will continue to stay unlinked. This particular page asked for an email address and a password.

    Wanting to mess with them to see where it went, I gave them my very old, non-existent codeamber.org email address and a made-up password. The site said “thank you!”

    I then went to the original page for this domain, emailhostsecurity.com, and I clearly remember that it had images, and a copyright. This copyright said it was cPanel. This seemed very strange to me, as cPanel has their own website. They provide a control panel which is used around the globe which allows you to control email, FTP, installation of scripts, stats and more. Of course, this isn’t the only control panel out there, but one that a lot of people are familiar with.

    As I wrote on the blog post, the creation date was November 4, 2020 and expired three years later. I made a phone call, and I also sent my good buddy who I like, Brian Krebs, the blog post.

    Some months later, I saw the HTML page I described above down and replaced by a blank page with nothing on it and no coding at all. Just a blank file that someone put up.

    Some time after that, I saw that the account was suspended. cPanel offers the ability through its web hosting control panel to suspend an account. Chances are, they left the id page up and continued to send out email through forms or otherwise to get people to submit email credentials.

    Unfortunately for them, the domain was taken away from them, and I toyed with the idea of buying it. ICANN, the U.S. authority on the .com domains, must have gotten involved after repeated reports to whoever hosted the domain didn’t do anything, or tried but couldn’t solve the issue as the people probably claimed they weren’t doing anything wrong.

    After buying the domain after consoling, I developed and will maintain a comprehensive site of TSB, resources including terms, books of interest, articles dealing with phishing and the landscape, and companies that can help with antivirus and learning about the landscape.

    They include companies like Trend Micro, Phishlabs, F-Secure, Virus Total and more. Books will be from authors like Mikko Hyppönen, Scott Schober and others. When there are others to add, we’ll add them. Blog posts from Phishlabs, my own blog, Kim Komando, Cyber Scoop, Krebs On Security, and others will be posted when they talk about phishing, email and the landscape where a serious attack or something of interest that people should know will help people learn. The blogs will talk about how the attack started, and mitigations to help you spot what’s up and prevent yourself from getting bit too.

    Today is November 2, 2022: two days before the initial two-year anniversary of the domain’s first existence. Today, we have officially launched a comprehensive page as described above to show people that domains can be used for good, once they were bad.

    As I’ve stated on TSB many times, I may not have all the answers, but if we all work together, we can find one. With the blessing of Scott Schober I got during the beta process, he started correcting my errors and gave me a thumbs up.

    Even colleagues I work with at Freshbooks gave me a thumbs up. During the beta cycle, Nick in Santa Barbara, Preston from Throwback and others encouraged me to make this web site and how it would benefit the community as a whole.

    Today, November 2, 2022: I present to you: Email Host Security. It’s now fully launched with a complete directory of TSB, info on email as it once was and how it is now, and the above resources.

    There will be no contact through email host security, and that was my choice. I have plenty of email addresses that I don’t feel I need one there, and like on Michelle Dyer’s memorial page, I have it up for learning and referencing things. Michelle’s page is a memorial page and family and friends can go and download and listen to past audio.

    This site is similar. I don’t need to be spammed there at EMHS, I don’t need to be targeted in phishing and the like there, and the domain will stay clean.

    I will continue to renew the domain so it survives, and will keep it as clean as possible. I hope that you all enjoy the site, and now … it’s official!

    Go over to email host security and learn.

    If you’ve come from the beta, the redirector will last 30 days and will be removed. The beta is now a fully launched project on its own web site where it belongs.

    If you have any questions, please contact me by the information above. I look forward to serving you!
    

    Sincerely,
    Jared Rimer
    web site

    Comments (0)
