The Technology blog and podcast

Commentary, articles, and podcasts

Mirai is back, it’s really getting bad now

Mirai has really taken on new twists. In a slightly dated article, it’s the beginning of an investigation into this updated malware that takes advantage of a 2020 flaw. In a more recent post, there are more details about how this thing works now.

The first article is Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902, which in hindsight seems pretty bad. The second, New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173, I think is the older one.

No matter how you read it, both articles are quite interesting, and you should catch yourself up if this interests you. It’s only going to get worse. I’m not looking forward to this.

Comments (0)

This week in Security news, news ending August 1, 2020

Welcome to August! I can’t believe we’re already in August. Where has this year gone? This week in security news was quite interesting, and even the big news we talked about in this blog post was covered.

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion. Also, learn about how the Vermont Department of Taxes may have been exposing taxpayer data for more than three years.

  • Ransomware is still a problem for business, and I covered this in this blog post.
  • In an article, we are now learning that the Garmin attack was the work of ransomware, in case you didn’t know already.
  • We covered Ensiko in this blog post and it is definitely in the news this week. This was the blog post where a specific name used within the code killed PHP along with other things on the web server front.
  • We’ve got BootHole threatening Linux and Windows devices.

These are some of the items this week. Did you read the post by Jon Clay? If you answered yes, what did you think? If you said no, would you like to see if something interests you? If you said yes to that question, head on over to Trend Micro’s blog and read: This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the
and I’m sure there will be something of interest that you’ll want to read. Thanks for supporting my work, and I hope to see you on another edition of another tech-related program really soon!

Comments (0)

Cyberscoop has some more news on Twitter: Krebs adds to it too

There are two articles on Cyberscoop. The first names the 17-year-old as Graham Ivan Clark. While the news sources that cover mainstream news didn’t name the 17-year-old, we know that this individual will apparently be charged as an adult, so I don’t see why I need to keep that silent.

Members of the scheme allegedly communicated on the messaging app Discord, advertising illicit access to Twitter accounts and promising to provide other users with access to any account in exchange for a fee.

Tweets from the high-profile victims resulted in 415 bitcoin transfers into a cryptocurrency account controlled by the attackers, according to a criminal complaint. The suspects earned more than $117,000 as part of the effort, according to the DOJ.

I’ve heard of Discord, but I’ve never used it. I don’t remember the other articles mentioning this, and I found this of interest.

This first article is entitled Hackers breached Twitter accounts by targeting employees by phone and is only the beginning of what could get interesting.

The last, Hackers breached Twitter accounts by targeting employees by phone talked about the Spear Phishing attempt. Read more about phishing via Wikipedia which has a heading for Spear Phishing.

The attackers targeted a “small number of employees through a phone spear phishing attack,” Twitter said in a statement Thursday. Not all the affected employees had access to account management tools, the company said, but hackers used their credentials to gather information about Twitter’s internal processes. They then used that reconnaissance data to inform attacks on Twitter personnel with deeper access.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company said in a blog post.

I’m sure people will want to talk about this, and the boards and my email await you. This is definitely getting interesting.

Brian Krebs also just published today Three Charged in July 15 Twitter Compromise which I thought he would.

I have not yet read Krebs’s take on this. I know I will enjoy it, but there are some more sources on this.

The first blog post on this subject (https://technology.jaredrimer.net/2020/07/31/florida-teenager-arrested-in-massive-twitter-hack-two-adults-also-charged/) takes it from mainstream media sources. This post takes it from the tech sources I read. One of the posts was from a tech source, but here is some more. Enjoy!

Comments (0)

Florida teenager arrested in massive Twitter hack, two adults also charged

I’ve seen multiple sources that are reporting that a 17-year-old teenager has now been arrested on July 31, 2020 in connection with the massive attack that took control of multiple high profile accounts to send out a bitcoin scam. Florida law, according to a CNN article, allows for the prosecution of minors as adults in certain circumstances.

Steve Gibson, the host of Security Now, sent out two links. Herbie, a past contributor to this podcast, was responsible for sending me the CNN article.

Steve asks on a retweet of TechCrunch,

“The Twitter Hacker: A 17-year-old minor?”

Somehow this doesn’t surprise me one bit anymore.

According to TechCrunch’s coverage, the teenager, who was not named, will face 30 different charges.

The state attorney’s office said that the teen was arrested earlier today after an investigation by the Federal Bureau of Investigation and the U.S. Department of Justice, and that they will be tried as an adult. They face charges including one count of organized fraud (over $50,000) and 17 counts of communications fraud (over $300).

Twitter has been transparent in the case to date, and I feel that it was an honest mistake. Two other people are named and have been arrested. One was based in the United Kingdom, the other, in Florida. The Florida man will be tried here in California.

According to a Tampa news source Steve also retweeted, the teenager is being charged with the following:

  • Organized fraud of over $50,000
  • 17 counts of communications fraud of over $300
  • Fraudulent use of personal information of over $100,000 or 30 or more victims
  • 10 counts of fraudulent use of personal information
  • Access to computer or electronic device without authority, scheme to defraud

In all of the articles, if I haven’t mentioned it already, the teen is being charged with 30 felony charges.

Also, the articles may say things a little bit differently, but all have the same type of information.

One of the articles talks about the two adults and what they’re being charged with.

Further Reading

The following sources were either provided to me, or retweeted. They all pretty much say the same thing, read the one that you’d like to read. They say things a bit differently, and one may have more than another. Feel free to check them out.

There may be other sources I’m not aware of, but if they have more than what I have here, I’ll be sure to blog again.

Comments (0)

Server maintenance along the network

I posted the following to various places along the network. I apologize for the downtime.


Users and visitors,

There was some server maintenance performed over night, and that maintenance looks to be complete. If you are noticing any issues, please contact the Jared Rimer Network and let me know of any issues. Thanks for your continued support.


I was emailed by our other admin, and I sent him back a similar email. Sorry about that, we should now be good. I hope you will continue to check out the blog and podcast; it’s going to be a good time here.

Comments (0)

Firefox upgrades, fixes in the works and a great fix for JAWS users

Hello everyone,

I was having issues accessing some sites including this blog’s posting page after upgrading to 78.0.1 some time ago.

I got interested in what was new when it popped up just now; I wanted to go check something out and saw that Firefox had been updated.

Here’s what is fixed in version 79.

  • Various security fixes.
  • Several crashes while using a screen reader were fixed, including a frequently encountered crash when using the JAWS screen reader.
  • Firefox Developer Tools received significant fixes allowing screen reader users to benefit from some of the tools that were previously inaccessible.
  • SVG title and desc elements (labels and descriptions) are now correctly exposed to assistive technology products such as screen readers.

Want to read the entire release notes? Please head on over to the Firefox release notes page for the full details.

Comments (0)

The Security Box, podcast 3: COPPA and other newsy things

The RSS feed has the podcast. Should you have any trouble getting at it, please contact me at tech at menvi.org requesting a copy. I’ll send it through WeTransfer’s service.

Please find the show notes below, and I hope you enjoy the podcasted edition of the program!


Welcome to the Security Box, podcast 3. We really only have one main topic here. We also include news, notes, and other things in passing.

We’ll have two segments on things to ponder where personal information is concerned, and we’ll also have your comments, questions, and concerns. I hope you’ll enjoy the show as much as I have putting it together!

Thanks to everyone that decided to participate during the live program. Remember that if you listen through the podcast, your voice still counts, so get those emails, iMessages, texts, or WhatsApp messages to me. Contact info is given throughout the program, and thanks so much for listening!

Comments (0)

This has to be the biggest breach to date

Shaun Everiss, our other administrator, sent me a link to one of the worst hacks I think we’ve ever seen.

While this is not surprising to some, this is not the first time anything has happened.

Here is the entire Email Shaun sent me this afternoon on this.

Hi.

https://www.vice.com/en_us/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying

It was bound to happen eventually. I mean, let’s face it, we use GPS devices and they are a target; nevertheless it’s still a shock, even though you sort of expect this thing these days.

If they can hack your smart watch and phone they can do just about everything else.

I use a smart stereo and tv smart box here.

These are in standby when not in use and are available to app control.

Though I am secure on my end and so is everything else, if they can get in, there is a lot of damage one could probably do.

GPS data is one thing, and while a stereo is limited to playing random tracks and shoving volume up to the max, etc., if they got your passwords to Spotify and other accounts then you would have a lot more trouble.

This shows that if it’s used by the masses it’s a target.

And no matter how secure you are the bad guys are watching for the slightest mistake.

I remember seeing something earlier about this mess, and I wasn’t wrong.

In 2018, the Guardian reported that fitness tracking app Strava gave away the location of secret U.S. army bases by releasing a data visualization map that detailed the activity of Strava users. The data visualization map could be used to identify U.S. bases by mapping the activity of military personnel using the app, which became apparent in places like Afghanistan and Syria where it appeared the app was almost exclusively used by those in the military.

According to the article:

Scott-Railton also noted that while many consumers may know Garmin for its wearable smartwatches and sports and fitness tracking systems, the company also has a full fleet of navigational products

and I bet none of us really know what those products are.

Each and every company always says that our privacy is their utmost priority. Even on the Security Box’s coverage of COPPA, the question was asked about websites in general and how verification of the data takes place. It can’t be done, I said, unless a human does it. That is why MENVI does all of our application sign-ups manually, and it isn’t ever stored in any database accessed on the Internet. It is just too risky!

The article I’m going to link to has a link to the company’s press release. To read more, see The Garmin Ransomware Hack Is Horrifying from Vice, part of Motherboard. I want people to comment on this, as the company is well-known. This can’t be good. This can only get worse. Thank you Shaun for adding your comments and allowing us to use them. I think you’re spot on with them.

Comments (0)

COVID closures mean more to business ID theft than you think

Hello everyone,

Yesterday, I read an article talking about business ID theft. It is on the rise amid the coronavirus closures. If you’re any kind of business, I believe that you should know this. I do not believe that technology businesses are run any differently than any other business today.

Krebs really dives into this particular problem. Here are just a few of the top paragraphs to illustrate why I decided to have this story covered on the blog.

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

Most consumers are likely aware of the threat from identity theft, which occurs when crooks apply for new lines of credit in your name. But the same crime can be far more costly and damaging when thieves target small businesses. Unfortunately, far too many entrepreneurs are simply unaware of the threat or don’t know how to be watchful for it.

What’s more, with so many small enterprises going out of business or sitting dormant during the COVID-19 pandemic, organized fraud rings have an unusually rich pool of targets to choose from.

If a New Jersey based company can be taken out and problems occur, so can any other business. Maybe the larger businesses can survive and recover, but it honestly depends on how much they’re taken out.

To read the entire story, why not check out Business ID Theft Soars Amid COVID Closures by Brian Krebs and we can definitely discuss on either podcast. What risk are you?

Comments (0)

Russia targeting coronavirus vaccine, we’re no closer, news sites are late

In one of the rooms I’m in on Live Wire, we’ve been talking about the news. While this may be a little dated, I was looking for something specific on one of our local news sites. On there, it had a headline talking about Russia causing problems with the research into the coronavirus. The first article, Russian government hackers targeting coronavirus vaccine research, UK, US and Canada warn, was written on July 16, 2020. I read this article three days later. KNX, my local news site, posted an article today entitled US Officials Say Russia Spreading Misinformation on Coronavirus Pandemic.

While outside influences are messing with research, news sources need to be correct in their reporting. We should not see information a week later after some tech related site breaks the news first.

I was looking for a specific story about something I had heard on the scanner that they don’t have. It’s nice that they cover the news; they are our only news source. Why are they publishing this today?

The Cyberscoop article talks about APT29. They are a group that creates tools that are persistent in nature and hard to deal with.

There is a lot of linking here, but I suggest that you take a look at the Cyberscoop article, and read KNX at your leisure. It’s time we get a vaccine, and the only way we can do that is if each nation does its own research into what is causing this virus to spread and what combination of things can solve it. Meddling in research is not going to get the country any closer to solving this problem.

Comments (0)

LastPass has an update in regards to their phishing post earlier

Earlier, LastPass, the one password you’ll ever need, posted a blog post talking about how people are going around as them asking for master passwords. In a blog post, PHISHING ALERT | FRAUDULENT EMAILS REQUESTING MASTER PASSWORD UPDATE, LastPass gives some examples of what has gone on that they’ve seen. I’ve been trying to think about how to write this, but I’m not coming up completely blank. The problem is that people are using their name to get information so they can take control of your account. This is one service where even the free users get two-factor options, although there are premium options that they offer as part of the monthly subscription.

This is only one kind of phishing attack; there are many more kinds and samples. Stay safe.

Comments (0)

Ransomware has stopped on consumers, business hit hard, web servers now at risk

In the latest in ransomware, Trend Micro has a very interesting blog post about No More Ransom and its four-year anniversary. Think about this short paragraph. It says:

Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.

Think about this! 77 million files. I’ve never been to No More Ransom as of yet, but I think this is a great place to go. Maybe besides various files to decrypt things, we can learn quite a lot. I’m going to have to take a look at this.

Speaking of ransomware, they also have an article, heavily imaged for the sighted, that might be of interest. Ensiko: A Webshell With Ransomware Capabilities is the article, and it is pretty bad if you run into anyone who may be infected with this.

There are various headings within this article. They include:

  • Technical Details
  • Webshell features
  • Ransomware Analysis
  • Tool set
  • Steganologer
  • Backdoor Scan
  • Remote server scan
  • Mass Overwrite

There is also a heading for conclusion.

One of the things that caught my attention was a table of features. While I try to keep this blog clean of language, I think this is worth mentioning.

Safe Mode Fucker: Disable PHP Safe Mode

is one thing that could really harm a website. Our very own control panel, along with many others across the Internet, runs cPanel. They are the leading control panel software, with its own host manager interface for administrators.

This particular malware or ransomware can take quite a number of people out, and this article by Trend Micro called Ensiko: A Webshell With Ransomware Capabilities should be studied. This is not going to look good and I saw this article today.

Comments (0)

A Twitter update worth sharing

I decided to go ahead and check on the Twitter issues we’ve been covering both on the Box and in a segment of the regular podcast.

Twitter Support, We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things. 5 days ago, Twitter Web App

Twitter Support, 8 is the number of accounts where an archive of “Your Twitter Data” was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data 5 days ago, Twitter Web App

Twitter Support, 36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com. 5 days ago, Twitter Web App

Twitter Support, To recap:
  • 130 total accounts targeted by attackers
  • 45 accounts had Tweets sent by attackers
  • 36 accounts had the DM inbox accessed
  • 8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified 5 days ago, Twitter Web App

I want to make sure people see this, as Twitter has been very transparent as of late, so this is a good sign. These tweets are 5 days old, and I thought about looking as of late. It’s never too late to share this type of data with the community in case they do not follow or know about the information being disseminated.

What to read:

Were you impacted by the issues that started on July 15th? Do you think Twitter has been more transparent? Please sound off! If you’re a Twitter user, read the related link dealing with your data; I’ve read quite a bit and it’s pretty straightforward.

Comments (0)

North Korea is at it again, handing out Ransomware it seems

North Korea has been responsible for quite a lot in the last many years. A search of the blog for WannaCry, which was later attributed to North Korea, turns up the following blog posts.

Frankly, putting attributions on these types of things is hard. Really hard. North Korea built WannaCry to try and get some money, and that, according to a recent article, was because they have sanctions in place for whatever political issue targeted this.

While I don’t necessarily want to make this a political blog, sometimes, politics and technology will cross, so if commenting, please be respectful and we’ll be OK.

In an article entitled North Korean hackers are stepping up their ransomware game, Kaspersky finds written by Cyberscoop, it talks about the antivirus company finding a strain in their telemetry that hasn’t really been there but has been used before.

We know from experience that the Lazarus Group has been responsible for some pretty interesting things through the years. According to the article that is the mainstay of this post, this group has assisted North Korea in giving them a leg up in their arsenal. We know from articles on ransomware that it has jumped pretty high in recent times, now more than ever, even during these trying times. I’m sure that as I catch up, we’ll find some stuff that might be of interest in regards to this.

I’m sure this is going to get interesting as we learn more about what governments are up to in trying to get a leg up on whatever they want to use the stuff for.

Would you like to read more about what North Korea has been up to? Please feel free to check out this article entitled North Korean hackers are stepping up their ransomware game, Kaspersky finds and I hope that we can all learn something from this.

Comments (0)

New York charging First American Financial for massive breach, wake up calls for business

In an article a little dated, we are going to learn how First American got charged for their breach. According to Krebs on Security, First American is a mortgage company.

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties.

According to the article, it is a leading title insurance and settlement services agency. They are based in Santa Ana, which is in Southern California. It brought in 6.2 billion dollars in 2019 alone.

As first reported here last year, First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images.

The documents were available without authentication to anyone with a Web browser.

This is not the first time I’ve seen this type of mistake happen. I’m sure searching the blog or even the Internet as a whole will turn up various articles. We’ve got to get better at training people that leaving these databases exposed like this will become a potential problem. I hope that this charge and potential fine, or however it works, is a wakeup call for businesses to care.

To read more, check out Krebs on Security’s article NY Charges First American Financial for Massive Data Leak for full details.

Comments (0)

Security Updates

I really want to take this opportunity to thank Shaun for his hard, dedicated work on the recent issues that have plagued the blog lately.

As users know, I had been the only one dealing with the blog, with no plug-ins except for a few I found and installed based on recommendation.

Last time I had an influx of spam, I had turned off registration because that was the only thing I could find to do.

I’ve tried installing reCAPTCHA on MENVI’s website on its forms and was never successful.

I really like the idea of what version 3 has to offer, leaving users alone unless there is a very valid reason for it to do so. That is why I tried to implement it there, and was never successful. I read the documentation, and never got it to work.

Thank you Shaun for your dedication, and I hope to continue to have you as much as I can for what time you can give. You’re very valuable and I think the blog should see this.

Thanks for reading, and enjoy your day!

Comments (1)

and here we go again.

Hi all.

Well the scammers are getting through.

I have been looking at all the security systems over the last day.

Since it ain’t a user issue I decided to rip out the security system.

The logic captcha is gone, the zerospam is gone, akismet and jetpack protect are what I have now.

So I have enabled registration again but now have the simple reCAPTCHA in v3 mode.

This is supposed to stop spammers and not actually impact users.

It’s monitoring everyone that logs in but it’s not going to do anything unless you are bad.

There are other ways to handle this including just blocking registration forms with reCAPTCHA in annoying mode.

This may be it though.

I am now putting all my trust into jetpack and its akismet companion software and seeing what it all does.

And it’s actually working!
No more spam registrations.
The plugin is called simple captcha recaptcha and it does what it does.
No spam, and we are getting users just going in.
Apparently it supports all the standard forms by default.
Looks like this is it.
All sorted for now.
And here we go. It’s fixed, yaay.

Comments (0)

Twitter has new info, seems like a group was involved

Last week, I read an article about Twitter and 30 accounts out of the 130 had direct message access. This isn’t anything new to me, seeing that administrative tools of any kind can bypass any type of two factor.

Hackers who breached Twitter’s systems last week likely accessed private messages belonging to 36 of the 130 accounts targeted, including messages for a Dutch politician, the company said Wednesday.

In an updated blog post, Twitter said attackers accessed the direct message inbox of 36 accounts, meaning the intruders were able to view conversations belonging to affected users. The company did not disclose the accounts that hackers had accessed, other than one elected leader in the Netherlands. Twitter has “no indication that any other former or current elected official had their DMs accessed,” the statement said.

The statement suggests that hackers had access to private conversations from some of the most famous people on the site.

According to another article, short character accounts of 2-4 characters means status on the platform, similar to being in a gang. I never would’ve tried for a two to four letter name, I don’t think I liked that idea. The Krebs piece talks about several people and someone supposedly belonging to twitter that is named Kirk.

Any twitter postings never mentioned employees by name, and I found this particular article of interest.

The people involved in obtaining those OG accounts on July 15 said they got them from a person identified only as “Kirk,” who claimed to be a Twitter employee

Krebs on Security links to a New York Times article which I’ve not read and I do not vouch for its credibility.

Suffice it to say, I found both of these articles of value in their own right, and you can read these on your own time.

Dear readers, what do you think? Please feel free to comment here or by email. I look forward to hearing what you have to say. My comment boxes are awaiting you.

Comments (0)

Last Week in Security News, news ending July 24, 2020

Lots of various things in last week’s news from Trend Micro. What interested me is the Apple news where it was mentioned that Apple would be giving specialized devices for testers to break. My question would be whether or not this is a good idea, and also what differences between those devices and ours they’d have.

We know cybercrime has really boomed, but did you know there is a business model for it?

I read an article in regards to technical debt and whether organizations have one.

PDF just needs to go. Even if you can digitally sign the files, now we’ve got more to worry about.

Malware is being linked to North Korea, and it covers multiple platforms.

Want to check out anything in particular from last week? This Week in Security News: Trend Micro Research Uncovers the Business Infrastructure of Cybercrime and Apple Launches Security Device Research Program is the article, and I welcome your comments.

Please feel free to contact me at any time.

Comments (0)

Registration temporarily removed

Hi all.
I was going to post about wordpress registrations, how I had added extra spam messages, how I had added human approvals, and you will still see these in the modified information pages, at least for the moment.
However users still appeared for approval and quickly.
So either one of the users registered is malicious and not himself and there can be only 2, or there is a virus server side.
I have for now removed the human registration plugins, as well as the honeypot protection, and rely on akismet and jetpack for spam since 0spam could have been conflicting.
Registration is now on a by-request state.
If you need to get registration, email my username by entering on crashmaster and sending me an email, who you are, your contribution level, if you want to just subscribe or something and I will put you there.
I am about to remove all content I added for the new system because it’s not existing.
I am unsure what the hell I am going to do.
Leaving registration off will fix this problem but it basically means no users can get in till I turn it back on.
It also means I need to give this round to the fucking spambots and I don’t care for this.
Case in point, I have utterly failed.
I don’t know who is generating the bots, but it’s one of the 2 remaining users on here.
Or it’s not and they are appearing.
Anyone that’s on here can comment and yes, the public can comment too, normally, as usual.
Thanks

Comments (0)
