
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




blindvms e1 out

Hi all.
Go here
blindvms first ep
Yeah, it’s out, bad sound and all.
I am still getting used to the setup but at least I made a start.
For those on the NVDA list, I am going to start putting out things in regards to part of this.
For those waiting, remember that www.groups.io/g/blindvms is the group to go to.
You can comment here and I’ll get them.
You can comment on the blindvms blog and I’ll get them too.
You can leave a voice message on the blindvms anchor page and I will listen, maybe include it, and you can email me and I will get it.
Finally, if you happen to listen to this from New Zealand, or Australia maybe, and want to chat, email me and I will give you a number, but understand my offline phone and mobile is the only way to keep my online and offline world apart, and I generally want a bit of peace when I log off; I get far too many scams as it is.
Also it appears a fellow podcaster is interested to know what I am doing and how I am doing it; whether that could mean someone to share remains to be seen.
Nevertheless, know this, Jared: if you think you want to contribute to this or run it alongside the current tech cast, there is always a spot; after all, you let me admin this site with you, so it’s only fair you share in any expansion.


Philmore: Is It Down for Good?

Ever since the technology archives became the technology podcast, Philmore Productions has been talked about for good and for bad. I believe it has been more bad than good. The most recent: Philmore Productions blocking whole area codes, which was minor compared to others. Philmore Productions continues to trash its customers, written in November 2018, was a prediction post; in no way was it written to trash the company.

The time has now come to really put Philmore to bed. I am thinking that the time has come to say good-bye. Philmore Productions programs reasonably, the system has always worked, but now, after some recent events, it’s time to say goodbye to ignorance.

First, let’s start at the beginning. Around the end of May 2019, Philmore Productions suffered an outage due to a storm that blew through the Chicago area. After determining that it was a circuit breaker that caused the outage, Philmore was brought up. Currently, to this day, Net By Phone is still up and operating under its capacity.

After some time passed, Philmore Productions determined that a hard drive failed. That is not the worst thing that can happen: you buy a new drive, and rebuild from the data you had in backups. The good news is that he had an array, so the data was not completely lost. This took several weeks to diagnose. The system could be used with newer material, but older material had issues. Once this was determined, a new drive and restoral of data took place. This is now mid June, when this process took place.

Let’s fast forward now to July 4th weekend. At the time of writing, and until we find out otherwise, Philmore is down. It has been down since the 4th, and this could be the end. Philmore Productions told its customer base that the system would be down briefly for maintenance. After several hours, people were wondering what was happening.

According to some reports, the system is either down to restore data, or worse, it was supposed to be back up at a certain date (Jul 6th, 2019) and it’s not. The recent report is an upgrade gone wrong.

If there is something I’ve learned through the years of covering breaches, we need to backup all of our stuff, which would include software, correct? Philmore is telling some that there was a software update which pretty much crashed his software. This could be the end.

The constant lies, the potential breaches, the non-communication with customers or potential customers, the loss of potential data you had, the apologies, the inability to put hard limits when you say 3,000 messages, the unlimited factor, the yelling at customers (including me when testing the uploader tool) really adds up. I’m very fair here; I even posted Philmore Productions releases upload tool for the voice mail system, a 2014 article, when I was still there. If you say I’m not fair, here is the Philmore Productions search I did on the blog. Phil, it’s time for you to start understanding how your stuff works, and it may be too late. Your biggest customer is still there, and for that, I’m surprised.

I think this biggest disaster is the end. There is no line of communication with the company, because the company does not give any live customer service. They will call from any number they want, but yet, they hate when people call any number they have. I’m using “they” loosely, as Philmore doesn’t want people to know it’s a one man shop, not an organization of a few employees.

Customers, it’s enough. Show Philmore Productions that you mean business. Be truthful and tell the public what is up with your system including the web site and services. Do not tell a potential returning customer one thing, and another person working at a different company another. How are we going to believe anything you say or do now? It’s been over a month now, and the system isn’t operating and you still have no web site. Time to tell him who is boss around here.

Other systems have had their issues, and they have been able to notify their base.

Thanks for reading, and make it a great day!


You’re going to pay more for .org and .info domains following ICANN’s lifting of price caps

Hello folks,

While this is older news, and I think I found something of interest, this article entitled You’re going to pay more for .org and .info domains following ICANN’s lifting of price caps really hit home. I remember leaving comments saying that there are people who can’t afford it if prices are too high, and I’m one of them. I run menvi.org which is a non-profit. I get reimbursed, but if it goes up, it might become a problem. I’m not sure if it will, but that’s why I’m saying might. Only time will tell.


Tech podcast 318

Welcome to the tech podcast, this is show 318. I’ll be in the process of relocating, so this may be the last podcast until the relocation is complete. I’m hopeful that the relocating process will go well, and I’ll be available through contact methods mentioned throughout the program should you have questions and concerns.


  • We talk about URL shorteners. Cutt.us and similar services can be a target of spam. This service, along with a couple of others, allows the visitor to report suspicious links. These services shorten long URLs for sharing. Reporting suspicious URLs may be a start, but I’m going to try and get recaptcha on one of my biggest sites to see if it can curb this problem.
  • In segment 2, we finish the talking of shorteners by talking briefly about another service similar to the one I link above, and then we demonstrate Braille 2000’s grade relaxer. This particular part of the application was already working, but some accessibility fixes were made, and with the beta, I present to you how the relaxer can be used in a classroom setting.
  • We take a song break. In the last segment, we had relaxed Gokul Salvadi to demo how this is done. I thought the music would be perfect to play one track, and you can leave your thoughts.
  • Finally, Equifax and Myspace are back in the news: When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users and Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach.
  • Our contact information is at the end of the program. I’m hoping that the relocating process goes well for me, and if something big comes out, I’ll do my best to get it out quickly. If not, then I’ll be back once I’m settled in. Thanks for listening, and thanks for your continued support.




    Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank

    Well, this can’t be good. It’s not as bad as others, and luckily a researcher found this and notified the company, but this is what we want. We want researchers to find the data and disclose it to everyone involved instead of hackers making off with it.

    Three unsecured Amazon S3 storage buckets compromised more than 1TB of data belonging to Attunity and its high-profile clients.

    Source: Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank


    When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

    Several employees were caught abusing the tool, which let them read users’ messages and passwords.

    Source: When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

    So this is Myspace news, but it trickles to every social media platform today no matter what the tool is to help with law enforcement stuff. This can’t be good, now can it?


    Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach

    Source: Former Equifax exec sentenced to 4 months in prison for insider trading related to data breach

    More Equifax news; it doesn’t seem to be getting any better, does it? This just shows that crime does not pay, and there are penalties. I’m happy to see that something is finally being done to show that this can’t go on anymore.


    Do Data Breach Victims Have Standing to Sue?

    This is quite interesting. Found this on Twitter, and thought the blog would love to see this too. Sounds like there is a split on whether we can sue, but frankly, the companies who have our info should be part of the solution by protecting it the best they can. This includes patching if necessary if the perp gets in via a hole in software installed.

    Data breach victims are at risk of identity theft, but the courts are split on whether they have standing to sue the companies that failed to protect their data.

    Source: Do Data Breach Victims Have Standing to Sue?


    Florida City to Pay $600,000 to Hackers After Ransomware Attack

    The attack occurred on May 29 when a police department employee reportedly opened an email containing the malicious code.

    Source: Florida City to Pay $600,000 to Hackers After Ransomware Attack

    This is not going to be the first time, nor the last. Read the full article, as it offers insight into not necessarily why the ransom was paid, but each case is going to be different. I do not believe Baltimore did pay, as they had backups, but this is a true reminder to do the best you can.


    It’s hard to prove spam sending

    Hello all,

    Without going in to detail, I know it is going to be hard to prove spam sending. I know of somebody who is now accusing someone of sending spam out in regards to Asian dating, and probably other stuff.

    Here is a contact form I received through MENVI, and I know my MENVI members wouldn’t send such a thing.


    Below is the result of your feedback form. It was submitted by (gilvicler@hotmail.com) on Sunday, June 23, 2019 at 10:55:43
    —————————————————————————
    name: JamesPax
    City_State_Province: Rajkot
    country: India
    Phone: 81588552378
    contactmethod: Please contact me by telephone
    contact: Please have Janet Quam: assistant webmaster) to contact me
    reporting_bug: No, I’m not reporting a bug with the web site at this time
    reporting_bug_Yes: Rencontrez des filles sexy dans votre ville:
    http://xurl.es/bhld3

    comments: Rencontrez des filles sexy dans votre ville:
    http://xurl.es/bhld3

    submit: Submit comment or question to the MENVI contact team
    —————————————————————————

    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
    REMOTE_ADDR: 185.130.184.216
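
A triage check for submissions like the one above, as an added example that is not part of the original post or the MENVI site's code: it parses the form-mail dump into fields and flags the patterns this sample shows (a link in free text, a shortener host, the same text pasted into several fields, and bug details filled in after answering "No"). The field names come from the dump; the shortener list, the reason labels and the two-signal threshold are assumptions.

```python
import re
from urllib.parse import urlparse

# Field names exactly as they appear in the form dump above. Only these start a
# new field, so a pasted line such as "http://..." is not mistaken for a field.
KNOWN_FIELDS = {
    "name", "City_State_Province", "country", "Phone", "contactmethod",
    "contact", "reporting_bug", "reporting_bug_Yes", "comments", "submit",
}
FREE_TEXT_FIELDS = ("reporting_bug_Yes", "comments")

# Assumption: both hosts are treated as link shorteners. cutt.us is named as one
# on this page; xurl.es is the host in the sample submission.
SHORTENER_HOSTS = {"cutt.us", "xurl.es"}
HOLD_THRESHOLD = 2  # assumption: two independent signals hold a message for review

FIELD_RE = re.compile(r"^(\w+):\s*(.*)$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Field portion of the submission shown above (separator lines left out).
SAMPLE = """\
name: JamesPax
City_State_Province: Rajkot
country: India
contactmethod: Please contact me by telephone
reporting_bug: No, I’m not reporting a bug with the web site at this time
reporting_bug_Yes: Rencontrez des filles sexy dans votre ville:
http://xurl.es/bhld3

comments: Rencontrez des filles sexy dans votre ville:
http://xurl.es/bhld3

submit: Submit comment or question to the MENVI contact team
"""


def parse_form_dump(text):
    """Turn 'field: value' lines into a dict, joining continuation lines."""
    fields, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD_RE.match(line)
        if match and match.group(1) in KNOWN_FIELDS:
            current = match.group(1)
            fields[current] = match.group(2).strip()
        elif current and line:
            fields[current] += "\n" + line
    return fields


def link_hosts(text):
    """Lower-cased hostnames of every http(s) link in text, without 'www.'."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts


def score_submission(fields):
    """Return the list of spam signals found in one parsed submission."""
    reasons = []
    texts = {name: fields.get(name, "").strip() for name in FREE_TEXT_FIELDS}
    hosts = set().union(*(link_hosts(t) for t in texts.values()))
    if hosts:
        reasons.append("url_in_free_text")
    if hosts & SHORTENER_HOSTS:
        reasons.append("shortener_link")
    filled = [t for t in texts.values() if t]
    if len(filled) > 1 and len(set(filled)) < len(filled):
        reasons.append("same_text_in_multiple_fields")
    # A person who answers "No" to the bug question has no reason to fill in the
    # bug-details box; a script that fills every input does it anyway.
    answered_no = fields.get("reporting_bug", "").lower().startswith("no")
    if answered_no and texts["reporting_bug_Yes"]:
        reasons.append("bug_details_without_bug_report")
    return reasons


def should_hold(fields):
    """True when enough signals fire to hold the message instead of mailing it."""
    return len(score_submission(fields)) >= HOLD_THRESHOLD


if __name__ == "__main__":
    parsed = parse_form_dump(SAMPLE)
    print(score_submission(parsed), should_hold(parsed))
```

None of these signals identifies who sent the message; they only decide whether it reaches the inbox or a review queue.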


    Tech podcast 317

    Tech podcast 317 is now out on the RSS feed. I’m not sure if we covered the braille transcription software with grade relaxer in the segment with Braille 2000, but if I did not, I plan to do so in a future podcast. I link to it in the show notes, thinking I did, but I know I covered other stuff with the software which was minor accessibility stuff with the speech aspect of things.

    In any case, Braille 2000’s segment is short, but we’ve got a bunch of other stuff that is covered, including a very interesting article Phishlabs has in regards to the phishing sites themselves being more secured than years past.

    Below, please find the show notes, and thanks so much for listening to the podcast!



    Welcome to tech podcast 317.

    • How is our security as of late? Is the landscape good or bad? What are your thoughts on it?
    • Braille 2000 has a very interesting update. Braille 2000 has interesting childrens program, made accessible is the article, and I talk about my work with this area of Braille 2000. Here is the Braille 2000 category that you can link to on the blog. It is the entire history of what I’ve been up to with Bob. We may have talked about this, but there are other odds and ends we talk about if this was not talked about in this segment. If not, and you want me to cover it in detail, I can do that. The segment is Braille 2000 where we are at this point.
    • Jaws gets an update that fixes a major bug in Adobe. It also fixes other odds and ends as well, not just that. blog post for those who need it.
    • Mirai and Trickbot are back in the news. Blog post on the topic.
    • I saw an article on email and 5 signs on what to do if it’s hacked. Blog post.
    • Phishing sites and their trends. What do you think will happen? Phish Labs blog post has all the juicy details.
    • Michael in Indiana has a Philmore update. A month or so ago, Philmore Productions voice mail went down due to weather related activity. It’s been a month or thereabouts, and it’s still mostly down. The good news, Philmore did use an array, so the data isn’t lost, but the web site remains down. Listen to all the details.

    Contact information is available at the end of the program. Enjoy!


    Braille 2000 has interesting childrens program, made accessible

    Hi all,

    A lot of people who use Braille 2000 know that there is a nice little program called the Childrens Grade Relaxer. It is known as simply “the grade relaxer” and its job is to uncontract a document in a way where it is appropriate for children to read it. When I got Braille 2000 version 2.273, this portion of the software was not accessible to the blind instructor or braillist. Now, in 2.274, it is. When 2.275 is released, the dialogue which was accessible hasn’t changed much at all, but now, we’ll have spoken feedback on the aspects of “can read” “can’t read” and partial. Partial is actually called mixed.

    The colors of the dialogue are green for can, red for can’t, and the node of the tree being yellow for a mix case of green and red within it. Also, we can now press the space bar to toggle a node, or specific options for yes or no. This is another reason why I love Braille 2000, the dedication of Bob is paramount to have the best software that can be produced.

    Here is how it works. Let’s say you have a child or adult named John. The first thing you’ll do is make a profile named John. It comes with one profile which is default which is everything read. The dialogue won’t be described here, but you’re able to adjust the profile in a dialogue that says you can’t read any grade 2, to a mix bag of can and can’t read based on the child’s progression. The dialogue will also have options to relax the running heads. It also has an option to create the job as a new work area, which is recommended, and whether or not you want the file double spaced or not. Within each profile, you can select whether or not the child or adult understands single spaced material or not. If not, it becomes double spaced.

    There is also an option to say yes or no each and every change, I would recommend this to be off, so it does the work for you. In a future version, the yes no will be removed, as it proves to not be useful. It may have been useful in a prior version, but it may not be useful today.

    Since this tool has been in Braille 2000 from the beginning of Braille 2000, and it could be very valuable based on lesson material being taught, I could see the blind instructor producing material once in RTF, format it using percent codes or shape paragraphs, and have a profile set for each child entering the class. The profile is like an account, where each child or adult has their own account, and you adjust that account based on their reading capabilities. Once they master everything, then they can use the default profile which is set to read everything single spaced. The possibilities are endless.

    Note that double spaced work takes twice as much room, so my 5 page letter turned in to 9 pages, when just applying the doublespace. Single spaced uncontracted for that same letter for assignment 13 was 6 pages. Braille 2000 knows and understands this fact, and formats it correctly.

    If you have any questions comments or concerns, please contact Bob or myself.


    Trick Bot is back, still on the loose

    Hi all, Trick Bot, another one of these notorious havocs is back. According to Trickbot Watch: Arrival via Redirection URL in Spam we’re not out of the woods yet. With the amount of spam that is out there, we really need to be on our guard. We can’t let up just because of the fact that it’s safe to open. As I find other articles that I can talk about here on the blog, we must continue to be on guard for things that we may not be expecting and slow down a bit. Here’s just one section of the article.

    Defending against Trickbot: Trend Micro recommendations and solutions

    Trickbot has seen developments beyond that of a typical banking trojan, and updates to it aren’t likely to go away anytime soon. For instance, it has also been found being delivered as a payload by attacks like those of Emotet. Cybercriminals that take advantage of Trickbot primarily use phishing techniques that trick users into downloading attachments and visiting malicious sites that steal their credentials.

    Users and enterprises can protect themselves by following these best practices against spam and other phishing techniques:

    • Be wary of telltale signs of spam such as suspicious sender addresses and glaring grammatical errors.
    • Refrain from opening email attachments from unverified sources.
    • Keep comprehensive logs of what happens within the network, which allows IT personnel to track suspicious activities like traffic from malicious URLs.
    • Monitor the network for potential threats, which can help an organization to identify malicious activities that traditional security solutions might not be able to detect.

    Users and enterprises can also benefit from protection that uses a multilayered approach against risks brought by threats like Trickbot. We recommend employing endpoint application control that reduces attack exposure by ensuring only files, documents, and updates associated with whitelisted applications and sites can be installed, downloaded, and viewed. Endpoint solutions powered by XGen™ security such as Trend Micro™ Security, Trend Micro™ Smart Protection Suites, Trend Micro Worry-Free™ Business Security, and Trend Micro Network Defense can detect malicious files and URLs and protect users’ systems.

    To get the proper formatting, please view the full HTML article, but I give this section to give you the idea of how bad this is. As Security Now has said, it only gets worse, right? Please leave those thoughts.


    CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner

    When I initially read this article, I was wondering how I could convey the information on how dangerous this bug is. I really can’t, because it is so complex. CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner is the article and it goes into detail on how it works, what’s involved, and how to protect yourself. This bug basically takes certificate files in which you get when going to secure sites, and makes havoc out of it. I would check out the article to get the details on this one.


    a little late, but very interesting news about Baltimore County

    I don’t know if I’ve covered Baltimore County’s ransomware attack, or lack thereof. They weren’t even sure what happened. According to a report on Krebs on Security, this story is quite interesting. The good news is there is no Eternal Blue process in whatever they got hit with. Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware is the article, and it also was a great read.


    What to do if your email gets hacked

    Hi all, I recently read an article about 5 signs that email gets hacked. They advise on what we should do in this article. I tried to help someone in a similar situation about one account on a domain I host here on the network, and I asked if the email was sent from our server and showed them how to check the sent items. That’s one thing we can do. LastPass has a bunch of other stuff we can try, so 5 Signs Your Email Was Hacked – and What to Do About It is the article.

    I hope you enjoy it as much as I have reading it.


    Here’s something to ponder: Should User Passwords Expire? Microsoft Ends its Policy

    Here’s an article entitled Should User Passwords Expire? Microsoft Ends its Policy and it really makes you think. Here’s what I’m talking about under the heading “Password Requirements Misused” which talks about the misuse of what might be a bad practice.

    It’s time to create a new password. Your system requires the password to be eight characters long, use one special character, and at least one number.
    So what does the user put in place? Software Engineer Joshua Temple says it comes down to users going the easy route:

    “Users don’t understand the concept of a secure password – if you can remember it, it isn’t secure. Most websites say ‘Must use one capital letter, special
    character and a number, and be eight characters long and do a little jingle’, which then, typical user uses Somewords1234! instead of 71bzcWcN^BJ91*uMO”

    Temple suggests that if a user falls into the above category, it is a safe assumption they do not subscribe to the concept of two factor authentication,
    and even worse, there is a high likelihood this individual is reusing said poor practices across multiple services. So, even if on the off chance they
    use a different password for a sensitive account, in some shape or form, it is associated to a poorly secured account. One breach of an account owned by
    this ‘type’ of user, leads to a waterfall of compromised services. Changing passwords on a routine basis is a great practice, but it is only as secure
    of a practice as the password itself.

    This is a lot to think about, correct? I try not to use the same passwords, even if I generate it myself. I want to remember it and not use LastPass for everything, so I’ve tried to change a combination I can remember and come up with a very interesting pattern. I somehow can’t remember it, and maybe I should get rid of that practice. The heading that got my attention talks about not using your brain. The heading is: “Stop Using Your Brain” within the article.

    For most organizations there is a balance between ease of use and security, a hypothetical seesaw, which takes us to our final point of view, our IT lead,
    Shelby Baylis. While users may want to fly through logins and have everything easily accessible, organizations need to decide which end of the seesaw should
    hold the most weight. For a company like ours, Baylis posits that our organization should always tip on the side of stronger security.

    Because of this, Baylis feels that means regardless of Microsoft’s shift in policy, that organizations should still use time-based prompts to force users
    to reset their passwords.

    “Many will assume that a complex, memorable password is preferable to a regular interval. The solution is neither. Stop using your brains to create a password.
    Use a password manager whether it is a local one like KeePass or a cloud-based one like LastPass. Let them generate a 20+ character password for you and
    you just rely on your brain to change your master password on a regular basis.”

    This is sound advice from someone who has to put up with actual users in a highly secure environment. Of course our other engineer still holds a valid
    point regarding mass adoption from consumers, that enterprise organizations should draw a line in the sand and enforce whatever policy makes the most sense
    for their needs.

    “A regular interval for a password change is important because if your account is ever compromised in a breach and we hear about it until after the fact,
    which is the case for most breaches, it is of no consequence because that password expired oodles ago since we have a password expiration policy. Stop
    trying to use your brain on generating passwords. Use the password manager and its built in generator,” said Baylis.

    They aren’t wrong. Now is the time that it is too dangerous for us as individuals to use our brains. They’ve got great things in this article, and I’ve only quoted two sections. I’m saddened that we really need to do this, as trying to find patterns we can remember should be a lot easier. It is time for us to stop this practice, and it should be changed, and it’s something I’ll continue to fix in my password practice.

    One thing I tried to do was a passphrase. If my passphrase said: “Rusty is a good dog” I tried to make it secure by changing characters and even went so far as to put in a number like 1987. Of course, this might end up working if it is something you can remember, but I put this phrase as a note for one of my accounts, and last I knew I couldn’t get in to the thing as I had two of these types of phrases. I’m wondering if it is time to give this up and just use a manager such as LastPass, Trend Micro, KeePass, 1Password, or another not known to me or not mentioned? It’s something we must think about, and we need to think about it really soon. Thoughts are welcome.


    New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

    Here’s an article about our favorite aspect of our lives, Mirai. It’s up to some very new dangerous tricks. I think this is the most dangerous piece of malware out there. I just can’t imagine the type of things it can do nowadays, and the article goes into great detail on the latest happenings.

    New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices


    Jaws gets an update, fixes major Adobe bug: other fixes too

    Hi all,

    Jaws has released their June 2019 update. In it, they fixed a major Adobe issue in the reader product where MSAA mode would be on where it reads PDF files to you using this mode. I reported it, and was able to send a smaller file instead of the one I intended to send. This happened with every single PDF file.

    In the release notes issued for this update, they talk about fixing this bug where the virtual buffer (MSAA) was not being loaded with the content, even when we tell Adobe that we’re using assistive technology.

    Thank you VFO, for fixing this issue. For those who primarily use Jaws, the fix is welcome. Luckily, I was able to save the file and get a text representation; now, I can go back to reading PDFs as intended.

    There are also a bunch of other fixes between the April and June releases, and you can read them from this Freedom Scientific page for your convenience. Thanks for reading!


    Microsoft patches, we should too

    Hi all,

    I’ve not done one of these posts in a while. Krebs on Security is one source where you can get information about the patches. Trend Micro is another source where you can go to read.

    I’m sure that we’ll be updated over all too, as it sometimes can take time to push the updates out to everyone. Be on the lookout!

