go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: Home [0]

Go to contents or to navigation menu



BARD message of interest, January 9, 2021

Bard maintenance notice

The following comes from Bard’s web site, and may be of interest to patrons of BARD.

I went up to look up something, and saw this.


Alert Message

NLS is planning routine maintenance that will begin 11:00 PM, Eastern Standard Time (EST), Tuesday, January 12, lasting 17 hours or less, with the expectation that BARD will resume normal operation by 4:00 p.m. EST on Wednesday, January 13. The NLS main public and Network Library Services websites, Voyager catalog, Text-Only catalog searches, and ThatAllMayRead website will remain available. This maintenance work includes our long-expected move of BARD to a cloud environment. Once operation resumes, patrons will experience no functional change to BARD, but these users accessing the system via a high-speed Internet connections may notice faster download speeds. Don Olson


I hope this message may be of benefit to those using BARD, and thanks for reading!

Comments (0)

CISA releases Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

I’ll have more on Solar winds and some articles I’ve read that night be of interest, but for tonight, I read a lot of this CISA report:
Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
for people who need it. I don’t know if people need this, so I thought I’d share it.
There is information on techniques and procedures the actors have used along with links to other information they released.

If you’re not subscribed to this email list, than I’m supplying it to you so you can have it. I hope this finds interest to those who need it.

Comments (0)

What is going on in the security landscape, news ending January 8, 2021

Hello folks, welcome to a wrapup of what is going on in the landscape of security. In no way is this going to be a complete rundown, however, some of what I’ve read or come across, or even news that I didn’t see that comes across my desk through a digest from Trend Micro.

Let us get started with “This week in Security News” from Trend Micro. I really like covering these posts because they cover a lot, some I may have read, some I still need to read, yet others may just be interesting but yet not worth talking about in the long term.

There are two articles I’ve been meaning to cover that are in my rundown from this news digest that I mise well cover here. The first is Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration and I had to read it from the web version. This is very dangerous because it relies on people using webmail to access their mail. I’ve ditched webmail many, many, many years ago because I personally find it to be something that doesn’t interest me. Even when I signed up for gmail and I finally decided on it for youtube and even now an off site email address, I was not using the website to check my mail.

The good news is that I think that most of us who read this aren’t using this site at all that is referenced. The web site is mail2000tw[.]com or any kind of sub domain. I can’t tell what language it is, I did visit the site via private browsing to see what language it is.

Trend Micro writes:

We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities
in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that
is widely-used in Taiwan.  With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.”
Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians
and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan,
which this report covers. 

Other headings within this article include but are not limited to:

  • Initial Access and Propagation
  • Exfiltration of the mailbox
  • Infection of email accounts
  • Service Worker script exploitation
  • and Email exfiltration

The article here is very detailed and I think people need to read this, as it could come to a web mail service near us. Luckily, it hasn’t happened as of yet, but it is definitely something that could eventually happen.


The other thing in this week’s digest of the news is also something that I wanted to cover An Overview of the DoppelPaymer Ransomware is the article and it is also a good one.

The article starts out:

DoppelPaymer uses a fairly sophisticated routine, starting off with network infiltration via malicious spam emails containing spear-phishing links or attachments
designed to lure unsuspecting users into executing malicious code that is usually disguised as a genuine document. This code is responsible for downloading
other malware with more advanced capabilities (such as Emotet) into the victim’s system.

I believe I’ve talked about Emotet on the technology podcast, and it definitely isn’t going anywhere with this new project. This also uses the Dridex malware family (website) which will either download the DoppelPaymer directly or something else.

This is definitely something that is stealthy, troublesome, and something that we should all know about.

The article goes on and says:

Once Dridex enters the system, the malicious actors do not immediately deploy the ransomware. Instead, it tries to move laterally within the affected system’s
network to find a high-value target to steal critical information from. Once this target is found, Dridex will proceed in executing its final payload,
DoppelPaymer. DoppelPaymer encrypts files found in the network as well as fixed and removable drives in the affected system.

Finally, DoppelPaymer will change user passwords before forcing a system restart into safe mode to prevent user entry from the system. It then changes
the notice text that appears before Windows proceeds to the login screen.

The new notice text is now DoppelPaymer’s ransom note, which warns users not to reset or shut down the system, as well as not to delete, rename, or move
the encrypted files. The note also contains a threat that their sensitive data will be shared to the public if they do not pay the ransom that is demanded
from them.

According to the FBI notification, DoppelPaymer’s primary targets are organizations in the healthcare, emergency services, and education. The ransomware
has already been involved in a number of attacks in 2020, including disruptions to a community college as well as police and emergency services in a city
in the US during the middle of the year.

DoppelPaymer was particularly active in September 2020, with the ransomware targeting a German hospital that resulted in the disruption of communication
and general operations. It also fixed its sights on a county E911 center as well as another community college in the same month.

The following is what is recommended by Trend Micro in regards to this one:

  • Refraining from opening unverified emails and clicking on any embedded links or attachments in these messages.
  • Regularly backing up important files using the 3-2-1 rule: Create three backup copies in two different file formats, with one of the backups in a separate physical location.
  • Updating both software and applications with the latest patches as soon as possible to protect them from vulnerabilities.
  • Ensuring that backups are secure and disconnected from the network at the conclusion of each backup session. 
  • Auditing user accounts at regular intervals — in particular those accounts that are publicly accessible, such as Remote Monitoring and Management accounts.
  • Monitoring inbound and outbound network traffic, with alerts for data exfiltration in place.
  • Implementing two-factor authentication (2FA) for user login credentials, as this can help strengthen security for user accounts
  • and Implementing the principle of least privilege for file, directory, and network share permissions.

As with all things troublesome, making sure we have our backups is the most important thing. I personally pay for dropbox for that purpose, and I am sure glad I have!


The Hacker News has an article entitled: FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack which I have not read. Cyberscoop has articles dealing with Solar Winds and some fall out. They are:

The last two go hand in hand, but all in the above list are interesting, saying that Russia has been to blame in varying paragraphs. That is why I link all of them in this section because it is the latest we have, and I can only imagine Trump going ape over his accounts being suspended. With what has gone on, its about time that the companies do something to curve his behavior, even if it indirectly was responsible for the attacks that have been in the news as of late. Read all of these articles linked above in the above list because they are all good and vary in content. several of these articles may be linked in podcast content in passing for news notes, but its all informative. articles will


Another article that is worth talking about is protecting your kids while learning at home. This article How to Protect Your Kid’s Privacy While At-Home Learning goes in to detail on this.

The beginning of this article says:

Why Trend Micro
Research
Support
Partners
Company
?
navigation region end
?
Privacy & Risks
Share
Print
article
Privacy & Risks
How to Protect Your Kid’s Privacy While At-Home Learning
Many kids now have school-supplied computer equipment away from the school network. However, with this come privacy and security concerns. Some are easy
to avoid, but others need some modifications to ensure safety.
By: Stephen Hilt, Erin Johnson December 22, 2020Read time: 5 min (1381 words)
Share
Print
?
——————————————————————————–
main region
With the pandemic forcing many people to work and attend school from home, there has been a major shift in the use of technology for many businesses and
learning institutions. And this has brought a lot of interesting findings, at least from my own.
My kids have been attending school virtually this year, and I’m glad that schools can offer options and provide a high level of education virtually during
the Covid-19 pandemic. One of these options is the use of Chromebooks. While many US school districts have been providing Chromebooks to children at school
for some time, the scale of this need changed significantly in 2020. Fortunately, some school districts have found the ability to get more computers for
students who need them at home.

While I applaud the schools for providing people who need them the computers, the article talks about how schools are locking down even the network at home because it is signed in to the same google account even though the provided computer is not even being used. This goes beyond the reach of my understanding, please read Trend Micro’s article on this.

One of the things I heard in a new podcast I just subscribed to called The CyberWire Daily mentioned software called JetBrains, another piece of software that may have been compromised. I have not read Investigation Launched into Role of JetBrains Product in SolarWinds Hack: Reports but it is interesting that yet another company may be involved in one of the biggest breaches we’ve ever known.

Here is what the clip of this article states. Again, i’ve not read this, so I have no more info except what I heard on the podcast.

Cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by
JetBrains to achieve their goal. JetBrains is a software development company based in the Czech Republic that has offices in Europe, Russia and the United
States. The company claims its solutions are used by over 9 million developers across 300,000 companies around the world.


We can’t forget phishing. Email threats are going to rise, and with that legitimate domains may be used. Also, RYUK is still being used more than ever, something called Hastebin is being used to deliver fileless malware called Hastebin and much more. To read the entire article of what is going on this week from Trend Micro, please go on over to Trend Micro’s blog: This Week in Security News – Jan 8, 2021 to read all of the details.


Finally, we’ve got some great news I always like to cover. Russian man sentenced to 12 years in prison for massive JPMorgan data heist and that i good news because J.P. Morgan’s breach was one of the biggest to date for its time.

Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether
from the hacking, the Justice Department said in a statement.

We should back up and start at the beginning though: The article states in part: A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors
say involved the theft of personal data from over 100 million customers of big U.S. financial firms.

The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working
with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers
then sought to inflate stock prices by marketing them to people whose data they had stolen.

There is definitely more, and more that I need to get out in regards to Solar Winds but I’ll do that in a separate article as Solar Winds is just as interesting alone as it would be in a roundup like this.

This completes the news notes, did you find something of interest? Why not get in touch? Comment on the blog! Write an Email! Use whats app, email/imessage or any other contact info you want! We’ll be waiting.

Comments (0)

Have you read Trend Micro’s year in review yet? Its quite interesting as usual

The Year in Review for 2021 was released on Trend Micro on the 8th of December, 2020. It is definitely a facinating read every time I read it, and Trend Micro isn’t far off. There is always room for error.

I’m always facinated in regards to Trend Micro and their predictions report that they come out with each year. This time, Takeaways from Trend Micro’s 2021 Security Predictions is the article and there’s a lot here.

In the next Security Box, I’ll Text-to-speech this article as it’ll go faster, and we’ll discuss it.

I think one of the biggest and continuing threats in this landscape will be the continuing ordeal of the pandemic as well as the actors keeping up with what people want to know.

Home offices as hubs? You bet. With more people working from home and that not changing for the foreseeable future, criminals will be wanting to utalize any connection they can to get their wares out in to the world.

For example, I used a website tpo see an IP address to try to see if it was reported as spam. It was a malicious spam message, but the IP was a fixed landline internet connection. That makes it a bad IP. Because it sent me Spam, I had no choice but to report it, although I felt bad. The site, which I may rtalk about on a podcast of some sort, is a site that collects data on various trends of Spam, hacking and other aspects of attacks. I don’t exactly know what they do with it, but if I see something from the same range, I can block that range of IP’s from coming to my web site and spamming me. This is especially true if it is an IP designed to push traffic to their next destination such as your hosting provider, it isn’t supposed to visit the web and send Spam.

Covid-19 isn’t going anywhere, in fact, California is so out of control we’re out of beds in the ICU. Actors are going to take advantage of this, and Phishing and ransomware have been sent based on this devistating tragety which has rocked the world. It is unfortunate, however I don’t think we’re done with that aspect of attacks as of yet.

The next major heading they talk about here is Digital transformation efforts as a double-edged sword (if not done right). This section is really meant for business and not necessarily for consumers, so when you read the article, know that I’m thinking of you as a business. Consumers must read this to understand what is happening in the business world, and it was a definite interesting read.

To read the full article which links to Turning the Tide: Trend Micro Security Predictions for 2021 which you should read the first heading: “What At-Home Workers Need to Know.” Thanks so much for reading.

Comments (0)

The Security Box, podcast 26: Solar Winds, apps for spyware and more

Welcomne to the security box, podcast 26. We have a 229.68mb download and our RSS to boot.

You can search my name, Jared Rimer, to get my podcasts on apple podcasts, overcast and others if you wish. I checked it out in overcast, and both this one and my internet radio program is available.

Since this is a blog post in regards to the Security Box, we’ve got lots of notations that were not included in its RSS, so I guess its time that I put the whole show notes out there for you to read since I pointed people to the blog there.

Here are those notes.


Hello folks, welcome to the security box, podcast 26.

Topic continuing:

The topic of Shaken and Stir will get its wrapup from podcasts 21 and 23.

This should be the last of this as we don’t have far to go with it.

Things to ponder

  • I can’t believe that we are talking about spy applications that could spy on people while they use their phone. There are applications for Mac, IOS, Android, Windows Mobile, Windows PC, Symbian, HTC and others.

    Some of the most famous examples of these monitoring applications are iSpy for iOS and Freezy for android phones. Other examples include SpyFu for Mac, Rxected for iPhone, logger for Blackberry, Cloner for Windows Mobile, GoArtical for PSP, CoolMobile for Windows Mobile, MyTrace for iPhone, MyTrace for Android, MyTrace for PC, Sonar for Symbian, ATOM GPS for HTC, ATOM GPS for Windows Mobile and PC.

    Are you a parent, and what do you think? The article is well written and I’m not bashing the article, nor the web site, but the practice of using such an app when children can find these apps if they think they’re being tracked. What about the web site practices? From koolwebsites.com, we have: Watch Your Kids with Mobile Spy Apps is the article and I hope this sparks some discussion. blog post from the tech blog with comments are also available to you.

  • News Notes

    Arrests

  • We start off with some good news in the arrests department, where 21 people from the UK and other places were picked up for using stolen data from a now defunked site calledWeLeakInfo. Besides learning about these 21, we learn about others too. Quoting: the article says:

    “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. … “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming
    months.” “As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and
    crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”

    Let that last one sink in a little bit. Article: UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

More News Notes

  • Boy, Ticket Master sure does seem to be the bad guy. They ended up paying $10 million because they illegally used passwords they obtained from former employees of another company to see what they were up to. Is this the right punishment for such a big company who sells tickets to many different types of events? Tickemaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and boy is this big.
  • I have some security news coming out of the United Kingdom in this blog post which might be of interest to people if they haven’t seen it already. The article talks about WeLeakInfo and Cyber Scoop does a good job covering this one. I put it under arrests for more info, but my blog post does have other odds and ends on it too.
  • The blog has plenty of news on Solar Winds and I even have a three part article which you can go find. I know we’re not done with that.
  • Travel Booking company pays out money for 2016 breach was talked about on my blog, and boy was it a big headache for the travel company.

Want to comment? Feel free to get in touch! Contact information is throughout the program. Thanks so much for listening!

Comments (0)

CISA Updates Emergency Directive

I wasn’t originally going to cover this at all, however, I recently subscribed to a podcast called “Cyber Wire Daily” which releases podcasts every day on the goings on in the Cyber Security industry.

While I need to catch up with this podcast, one of the recent podcasts listed covers this so I thought I should better cover this. CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise is the entire title of this and is linked here for you.

There are links throughout that might be of interest to boot, so go ahead and check it out and see if there is something you need to know about within this linked item.

I read a lot of this, however, I’m not really sure how to cover this on a podcast since I don’t know people specifically effected.

There are two items that caught my attention when I initially read this.

  • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises
    should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1
    HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes
    updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic
    analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

There might be something you need to pass on to your superiors who deal with this, so please check this out and see if it applies to you.

Comments (0)

Enhancements in JAWS 2021.2012.48 (January 2021)

Jaws just got released with a new update for January. Below is information on that update with links to the original source and the downloads page.


The following is a list of improvements made between the initial 2021 release and the January 2021 update.
To download the latest release, visit the Downloads web page. You must be logged on as an administrator to install this software.

New Layered Keystrokes for Adjusting JAWS and System Volume

Many users working with conferencing applications like Zoom and Teams have raised the issue of JAWS volume blocking their ability to hear a meeting or
webinar while trying to navigate in other applications. To solve this issue, we have introduced a new feature that lets you easily adjust the volume of
JAWS independently from the volume in other applications, such as Zoom, Teams, Skype, YouTube, or other apps that play audio.
JAWS and Fusion now offer a set of layered keystrokes for quickly adjusting volume. To access this layer, press INSERT+SPACEBAR, followed by V. Next, press
J to control the volume of JAWS speech or S to control the main system volume. After pressing J or S, use the ARROW keys to raise or lower the volume in
small increments, or PAGE UP or PAGE DOWN to raise or lower the volume in larger increments. Press ESC to exit the layer when finished. Volume changes
remain in effect until you later adjust them using the same commands.
Note: When adjusting volume with the ARROW keys or PAGE UP and PAGE DOWN, the lowest level that can be set is 10 percent.

New Voice Assistant Option for Selecting the Microphone

You now have the option to choose which microphone the Voice Assistant uses when listening for commands. By designating a different microphone for this
feature than what is being used for other applications such as Teams or Zoom, it allows you to mute those applications during meetings and still use the
Voice Assistant with JAWS, ZoomText, or Fusion. You can find the Microphone input device combo box under the Voice Assistant group in Settings Center.

Support for Native Math Equations in Microsoft Word

JAWS and Fusion now supports reading math content in Word documents inserted through the Office ribbon without the need for additional extensions. While
you can still use the MathType extension from Design Science to create math content, you now have the option to also use the built-in math creation functionality
in Word. Whether math content was inserted in a document using the MathType extension or directly through the Insert tab of the ribbon, when you encounter
a math equation or formula, JAWS reads the problem and then says “Math Content.” You can then press INSERT+SPACEBAR followed by EQUALS to open the JAWS
Math Viewer so you can study the equation in greater detail.
Once the Math Viewer is opened, you can navigate individual parts of an equation, such as variables, terms, coefficients, or exponents. As you navigate
to the various components, pressing DOWN ARROW lets you drill down into and navigate within that level of the equation using LEFT and RIGHT ARROW. Pressing
UP ARROW moves you back to the prior level. In addition, if you have a Braille display and JAWS is set to United States English or Unified English Braille
Grade 1 or Grade 2, math equations or formulas are displayed in Nemeth Braille. Pressing ESC closes the Math Viewer and return to the document.

Other Changes

• To accommodate the new Volume layer keystrokes, the layered command to access the Braille and Text Viewer layer is now INSERT+SPACEBAR, B.
• When using the Convenient OCR feature to recognize the current control, screen, or window, you now have the option to use the Microsoft OCR engine as
this may provide better OCR results for onscreen images than OmniPage, which is the default. For example, if you press INSERT+SPACEBAR, followed by O,
and then W to recognize the graphical window in an application and you find the results less than satisfactory, open Settings Center, select the Use Microsoft
OCR For Screen Recognitions check box, and then try the OCR again.
• You can now have both the Avoid speech cut off when using Bluetooth headphones or some sound cards and Lower audio volume of programs while JAWS speaks
options enabled at the same time in Settings Center. Previously, these two features could not be used together.
• When using the mouse to select text in Outlook messages, resolved a long standing issue where pressing CTRL+C was not copying the selected text to the
Clipboard as expected. This only worked if text was selected using the keyboard.
• Resolved issues where JAWS and Fusion were not reading as expected when tabbing through links in Outlook messages.
• In response to customer feedback, improved the description of the Speak Window Titles for Read-Only Messages Automatically Quick Settings option.
• JAWS no longer says “no selection” while navigating through slides while editing a PowerPoint presentation.
• In Excel, you can now select a range of cells on the current worksheet similar to how you select a block of text using a PlaceMarker in Word. To do this
in Excel, press INSERT+WINDOWS+K to set a cell marker on the cell where you want to begin the selection, move to another location on the same worksheet,
and then press INSERT+SPACEBAR followed by M to select the cells between the mark and the current location.
• Resolved an issue where the Windows 10 Mail app would close unexpectedly when replying to a forwarded message and you navigate the message contents using
JAWS.
• Addressed a reported issue where JAWS was not always correctly reading content inside of an HTML span tag in some situations.
• JAWS now continuously announces autocomplete information in the web browser address bar as you type.
• Addressed a reported issue where JAWS was not reading properly in the edit window of the TextPad application on certain systems with higher DPI display
settings.
• Addressed an issue with Libre Office Writer where JAWS focus was not in the document when the application was first opened.
• Added an updated 64-bit braille display driver from Handy Tech and also added a new driver from Eurobraille for their Esys and Iris braille displays.
• Resolved an intermittent issue where JAWS would unexpectedly close when attempting to connect to a braille display over Bluetooth.
• Improved the user experience when using JAWS with the Visual Studio Code application. This includes turning off the Virtual PC Cursor by default, eliminating
the announcement of ARIA regions, and removing the announcement of a long URL when the program is launched.

We took this information from the Whats new page for Jaws. We hope that you find this information of inteerest.

Comments (0)

Ticketmaster pays $10 million for misuse of data

Well, finally someone pays for doing harm. I believe this article was supposed to say ticketmaster, but it is ticketmaster. Turns out, they were able to obtain passwords and other stuff to look at what their rivals were up to, so they can have an upper edge.

Does a 10 million dollar fine cover the overall cost of the rival company going after them to determine what was going on? Maybe it does, maybe it doesn’t.

To make things interesting, a paragraph of the article says:

The rival company didn’t know that one of its former employees had leaked logins to Ticketmaster, which used them to gather information in the mid-2010s
about the competitor’s technology and other aspects of its business.

While the feds didn’t name the company, this article claims that it is a company I don’t think I’ve heard of called Songkick. This is a New York Times article on Songkick which is linked within the article I’ll be linking.

“Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation
is a perfect example of why these laws exist — to protect consumers from being cheated in what should be a fair market place,” said FBI Assistant Director-in-Charge
William F. Sweeney Jr.

The $10 million fine against Ticketmaster — a wholly owned subsidiary of entertainment giant Live Nation — settles five criminal charges for illegal computer
access and fraud. In a related case in October, Zeeshan Zaidi, the former head of Ticketmaster’s Artist Services division, pleaded guilty to charges of
conspiring to commit computer intrusions and wire fraud.

Under the deal with the feds, Ticketmaster also must maintain a compliance and ethics program “designed to prevent and detect violations of the Computer
Fraud and Abuse Act and other applicable laws, and to prevent the unauthorized and unlawful acquisition of confidential information belonging to its competitors.”

This is quite interesting and when I read that, I just had to shake my head. This was quite an interesting article and lots of things are linked within it.

Tickemaster pays $10M fine to settle charges of using stolen passwords to spy on rival company is the article, and I hope that this is a lesson to others, the feds are waiting.

Comments (0)

Microsoft comes out, says source code was accessed

If this strange story of Solar Winds isn’t strange enough, I read an article that indicated that the hackers may have accessed source code from Microsoft.

According to the very first paragraph, the article starts out by saying:

Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely
harmless in an update to an internal investigation.

Accessing source code is harmless? I believe that really depends on the source that was accessed, in my opinion. Some code may be considered sacred and not to be out in the wrong hands., while others maybe not so much.

There are linked items that might be of interest, but one paragraph says:

Microsoft “found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that
our systems were used to attack others,” it said.

This is probably a good thing, seeing how other networks have been breached and we don’t know by how miuch or if anything is taken.

Microsoft has dubbed the SolarWinds cyberattack “Solorigate,” something cybersecurity firm FireEye has called SUNBURST.

Different people in the industry are going to call this by different names, and we shouldn’t be alarmed by different names by different companies.

Would you like to read more? Microsoft says SolarWinds hackers accessed company source code is the article, and this just goes on the “this is getting interesting” department.

Comments (0)

Another t-mobile breach, the 4th in several years

Are you effected by the t-mobile breach that is now coming to light? The article is written today, January 4, 2021: and this looks to be quite interesting as this isn’t the first by the looks of things.

Here are three paragraphs.

T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts.

The wireless telecommunication firm said in a notice mailed to some customers in late December that the incident “may have included phone number, number
of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

It’s the fourth data breach that the company has acknowledged within the last three years. T-Mobile, which completed a merger with Sprint in April 2020,
also disclosed incidents that occurred in March 2020, November 2019 and August 2018.

I’m happy that they identified this 4th breach quickly, what about the other three? The article continues:

The company called the intrusion “malicious, unauthorized access,” but did not release details about the suspected intruders or their methods. Personally
identifiable information was not affected in this latest breach, T-Mobile said.

“The data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers,
tax ID, passwords, or PINs,” the company said, adding that it had contacted cybersecurity experts and federal law enforcement about the breach

Even though it doesn’t have personal information involved, we learn:

The affected data is known as customer proprietary network information, and although it might not contain the names or other identifying information of customers, the Federal Communications Commission still considers it sensitive in nature.

If you’re a t-mobile customer, the boards await you.

To read more: T-Mobile: Breach exposed call information for some customers

Comments (0)

Did you know Solar Winds may be on the grid? Check this out and let us discuss

The deadline for regulators to get answers is tomorrow, and I saw this article today although it was written during the end of the year stuff that Cyberscoop published.

The beginning of the article and several paragraphs are as follows.

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected
Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector.

The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec.
22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems.
But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC.

“At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads
the advisory, which CyberScoop obtained. “However, the presence of SolarWinds Orion Products in the enterprise networks of registered entities exposes
them to the vulnerability and exploitation by the [advanced persistent threat] actor and poses a potential threat to BPS reliability.”

The article goes on to indicate that Cozy Bear or APT 29 are at the center of what is an ongoing investigation. I still don’t want to say for certain that they are to blame, and I don’t want to say for certain that China is to blame. I have a feeling that we are still too early to determine whether or not either party is to blame, although indicators in articles that I’ve published and linked to in the reissue of the show notes from podcast 24 state that Russia is to blame.

What you’ll hear in the upcoming episode of the Security Box, are two segments that talk about Solar Winds, one from the December 15th episode when we found out that Crowd Strike was targeted way back on December 8, 2020. The second, which was part of the last podcast of 2020 in their series, catches up on some of the other stuff that was talked about and speculated. In the reissue of podcast 24, I link to all of the articles that I had read from that time.

Continuing: we take this paragraph which I think is important. It says:

“Supply chain compromises, like SolarWinds, provide illicit and malicious access to OT environments facilitating possible disruption,” said Sergio Caltagirone,
vice president of threat intelligence at Dragos, a Maryland-based firm.

I believe that the supply chain attack is going to be taking on new heights after Solar Winds is done, but how much, we just don’t know.

NERC regularly collects information from utilities in response to cyberthreats. But this particular questionnaire exemplifies how the hunt for information
related to the suspected Russian hacking operation is very much ongoing in the private sector as it is in government.

This is very important information to swallow. We still have a lot to learn, and it is involved in both public and private sectors. Some companies are not coming out yet, while others have.

In a statement to CyberScoop, NERC said it, along with the E-ISAC, the electricity industry’s threat-sharing hub, “continue to monitor the recent supply
chain compromises by advanced persistent threat actors” and their potential impact on the industry.

Did you think you should have started this process when it was only hacks of credit card and other personal data before it came to this? Is this the first supply chain attack of this scale or the first supply chain attack ever? That … I’m not sure.

Finally, the last paragraph says:

“We are working closely with the Electricity Subsector Coordinating Council, the Department of Energy, the Department of Homeland Security, the Federal
Energy Regulatory Commission, our Canadian partners and others, and will continue to collaborate and stay on the forefront of this event,” NERC said. “The
quick response and level of engagement highlights the strong public-private partnerships, which are vital to safeguard the North American bulk power system.”

I hope that you would work with the appropriate people to see how you don’t get targeted and protect yourself and the people you serve in a timely manner.

What to read:

The article has links to other stuff, and you can read further than what I’ve quoted and commented on for this blog.

Comments (0)

Solar Winds and the law, who is at fault if multiple parties are at play?

I honestly do not know if I published thoughts or even talked about the legal problems that may be coming out because of the Solar Winds fiasco of 2020.

As we turn the page in the new year, I’m hoping that we get a handle on this breach, give proper attribution, find a way to get the people involved in this breach in some kind of trouble and find a way to do a much better job at protecting ourselves.

In November, Home Depot settled for the 2014 breach that occurred that was not impressive for its time.

The article says in part:

As Congress, federal government departments and corporations reckon with the vast sweep of the SolarWinds breach, there are still many more questions than
answers. Fewer pieces of it are less certain than how it might play out in court, where companies and individuals alike stand to gain or lose. Many millions
of dollars, corporate blame and years of finger-pointing are on the line.

That’s because the targets — government agencies, and some major companies — aren’t the usual kind of victims, nor has anyone yet figured out the full
scope of the damage and where the blame fully lies.

In this case, legal experts say, the winners and losers are especially hard to predict.

“I think it’ll be a few more months, if not years, until we really understand all the legal theories people are going to try,” said David Springer, an
attorney at Bracewell for companies responding to cybersecurity incidents.

We aren’t sure who is going to win or lose in this, and it may even take more time to figure out what is going on.

In the next Security Box, episode 26, we will play throughout the program two segments from two Security Now programs where Steve catches up the listeners on what is going on.

You can definitely search Solar Winds and find my three part massive series and thoughts dealing with the massive breach, and as we turn the page, we’ll more than likely learn more about what this breach has done to this security landscape.

As I recently blogged during the holiday break Crowd Strike was targeted but yet was the beginning of the bigger problem. I also recently blogged about the former employee telling the company that a breach was possible, and the company did absolutely nothing. That is absolutely uncalled for in this day and age, especially when lawmakers and regulaters come knocking with letters asking questions.

One of the paragraphs says:

“We’re getting into fourth and fifth and sixth party risk,” said Nate Smolenski, Corvus Insurance’s chief information security officer. “This is where
all the scary stuff happens.”

4th, 5th and 6th party problems? If this is true, than the article I read and published just recently and relinked here is wrong, because of the fact that the company did everything right! I don’t hardly believe that, and I don’t buy it.

There are several headings:

    Calm before the legal storm

  • The regulatory picture

and the article was quite interesting to read just the same. The article is entitled SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage? and I hope that people get a good read out of this. This is more than not ending any time soon, and the new year will bring more news of all of this. Thoughts?>

Comments (0)

In 2017, Ian Thornton-Trump said a breach was inevitable, company did nothing

To get this article to read, I had to select reader view in firefox, the Daily Mail web site is aweful!

Be that as it may, this article is definitely worth the trouble, as Ian Thornton-Trump, a former employee at Solar Winds, indicated in 2017 that a breach was inevitible.

Ian Thornton-Trump, a former cybersecurity adviser at SolarWinds, said he urged management in 2017 to take a more aggressive approach with its internal
security, warning that a cybersecurity episode would be ‘catastrophic’, according to a New York Times report published Saturday.

The article then goes on to say that since the move to Eastern Europe where some of the development to the software took place, and Russian operatives have ties there, could have lead to this breach. The cost savings by moving the devlopment aspect to Europe may have cost them, as the article states.

The article does state that there is no cybersecurity person at the company, and not having someone who can help fend off attacks like the one we have witnessed could possibly cost this company.

Want to read more? Select reader view in your browser for best results, SolarWinds was warned about potential cyber attack, cost-saving move to Europe may have exposed firm is the article title, let the comments begin!

Comments (0)

Lets post some arrest news, this time coming from the UK

It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still
drawing the attention of law enforcement.

This is the first paragraph of a very interesting article that was posted near the end of 2020. The thing that really interests me is that reports indicate that 21 people from across the country have been arrested for using info from WeLeakInfo, the site they baught it from. The people who were arrested were caught because they used the data.

When searching for WeLeak, I found this blog post I titled: A search engine for searching for personal info shut down and that was before the Pandemic we still face in the new year took hold and a hold I thought we’d be out of by now.

According to Mr. Kreb’s article, it says:

“Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release.

This is quite interesting, wonder if the CFAA is involved in this? The CFAA was discussed on the Security Box, I wrote on the CFAA numerous times, especially when I was preparing for it to be talked about on the security box. Here is the July article entitled: What is the CFAA and why has it been a problem? for you all to peruse.

The article continues:

“A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially
criminal activity. 60 of those were served with cease and desist notices,” the NCA said. “Many more of these visits are due to take place over the coming
months.”

I’m happy that everyone isn’t getting just outright arrested, some are under 18 and need to learn still and I feel this is the right approach. To make things worse, 3 people may be involved in other illegal activity. The paragraph in question says:

“As well as being customers of WeLeakInfo, evidence suggests that some had also purchased other cybercrime tools such as remote access Trojans (RATs) and
crypters,” the agency said. “Additionally, three subjects have been found to be in possession of, or involved with, indecent images of children.”

If this isn’t bad enough, some like the ones in other illegal activity as quoted should just be outright picked up.

At the bottom of the post, is a tweet that was tweeted on Christmas, 2019.

Want to read more aboiut this case including links to other aspects including Cyberchoices? I want everyone in the sound of my voice to read: UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data so they can be aware of the entire takedown to date. While I’m posting this after new years, its never too late to post this excellent news. I like stories like this. See you all soon!

Comments (0)

Podcast 24 of the asecurity box additional notes

While I was looking at stuff to prepare for this week, I found that I had done show notes for podcast 24. I’ve replaced my copy of the notes I released at the time of that podcast release.

I did want to bring some good news in to the podcast, as well as linking to some of the Solar Winds stuff.

This post is only to update the shownotes, nothing else has changed. Go to the podcast section of the blog and find the first entry of podcast 24 if you need a link for downloading.


Welcome to program 24 of the Security Box. While the program is not a live program, we’re going to continue to give people up-to-date material that is of importance while we look back in the year in review. All news will be broken up, but we’re only linking to stories in the sections, we are not going to comment on each one like we do for the live show. The tech blog may also have articles with more commentary. Hope you all enjoy the program as much as I have putting it together for you.

Solar Wind:

Solar Wind is now the biggest topic. While the tech blog has commentary in writing, we’re linking to things as a resource so you can see them when the podcast is released. In this podcast, I only have one segment, so the articles will be of value and you can decide what to bring up once we return to the airwaves for our live shows.

Good news:

This section will cover anything in the good news department, we need more of it don’t you think?


Thanks again for listening, make it a great day!

Comments (0)

Happy new year

Happy new year from all of us at the Jared Rimer network, which includes free and paid sites, my volunteers that help me keep things as safe as possible, and all of my readers.

I’m going to hit the ground running tomorrow and I’ll start posting again, and will try to keep up with Sans News Bites this year.

I’ll be posting a bunch of current stuff, and try to find the most interesting things out of the stuff I’ve sent to my email.

My goal is to continue both podcasts, as well as blog about all kinds of stuff from access technology, security, app reviews, and my continuing partnership with Blind VMS.

I hope that each and every one of you had a happy holiday break, and the next Security Box will be aired this week coming up on Wednesday on the mix on the independent channel. For times, check the schedule, and use world time server to convert that time to yours if needed.

Comments (0)

Why are we promoting spy apps to watch our kids? Check this out

Hey folks, I have a serious question. Why in this day of everything going wrong are we even promoting spy apps? In something I just read entitled Watch Your Kids with Mobile Spy Apps and in practice, that may be a good idea.

Have you ever thought of the types of information these applications might collect? They send the information to you via email or sms, and you know exactly what is going on.

While I understand the idea of these applications which vary from IOS and Android and many names are listed, is this something we should really be promoting?

Mobile Spy Apps or Mobile Spy Software are specifically designed for use with iOS and Android devices. These kinds of applications help you monitor incoming,
outgoing text messages, GPS locations, and calls made and received on your mobile phone. To do this, these programs need to read the files that come in
the form of APN’s (Access Point Name), HAP (Home Access Point), and IMS (Incoming Message Status).
When the Mobile Spy Software analyzes these data packets, a log of the device’s activity can then be extracted. All the information is recorded in the
text and automatically sent to a third party website.

What are th practices of these web sites?

The article continues:

Some of the most famous examples of these monitoring applications are iSpy for iOS and Freezy for android phones. Other examples include SpyFu for Mac,
Rxected for iPhone, logger for Blackberry, Cloner for Windows Mobile, GoArtical for PSP, CoolMobile for Windows Mobile, MyTrace for iPhone, MyTrace for
Android, MyTrace for PC, Sonar for Symbian, ATOM GPS for HTC, ATOM GPS for Windows Mobile and PC.

Here we have a lot of different applications, and today, I just can’t recommend anything like these apps to anyone. With the breaches becoming rampant and not slowing down any time soon, consider checking on the privacy practices of any of these apps before deploying them.

Kids are smart, they can surely find apps they know nothing about and can remove them too. Just something to think about.

Comments (4)

The Security Box, podcast 25

Thanks so much for checking out the Security Box if you listened on the Independent channel while we took the time off.

The RSS feed should have the file as we scheduled it to be released about now. Don’t want to deal with RSS? Download the 148.90mb file and enjoy.


Show notes


Welcome to podcast 25 of the security box. This podcast was compiled on Christmas day, but was released on the 30th of December. On it, we go through podcasts 341-357 of tech, playing a few segments which were also covered on this podcast like catphishing, some of the security items throughout the year from the blog, and even other highlights. Highlights the security box and some of what we covered in podcasts including two interviews. This podcast is 167 minutes and is the last of the two podcasts before we resume the first week in January. Hope everyone enjoys the lookback, and thanks for listening!



I’ll be back with a live program next week. Thanks for listening!

Comments (0)

A little behind, but still worth posting: Crowd Strike doesn’t get owned

While we’ve been on break, I’ve had an article sitting here that I read in regards to the Solar Winds breach which was talked about on this past Tuesday’s Security Now which I’d like to try and catch.

The article is entitled SolarWinds hackers also went after CrowdStrike and it was definitely interesting to read it when I did.

There really isn’t much neews since then except that people should be more aware of whats going on, and watch for possible attacks, but I sense we won’t have anything new until next year.

What was interesting about this article is that the actors attempted to breach Crowd Strike and was unsucessful. This is probably the best news we can get out of this ordeal, and its a glimmer of hope anyway.

Microsoft told CrowdStrike that “several months ago,” the Microsoft Azure account of a Microsoft reseller was making “abnormal calls” to Microsoft cloud
application programming interfaces (APIs). The account managed Microsoft Office licenses for CrowdStrike.

The attackers tried to access emails, but Microsoft said the attempt was unsuccessful, according to CrowdStrike. “As part of our secure IT architecture,
CrowdStrike does not use Office 365 email,” Sentonas said.

“We have conducted an extensive review of our production and internal environments and found no impact,” Sentonas said. “CrowdStrike conducted a thorough
review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft.” <;/blockquote> This is similar to me getting email saying that my account would be closed if I didn’t provide details, yet the email was sent through a contact form, or even directly.

If my account were to be closed, I could just bring it back, as it is under my control. Good job, Crowd Strike, you succeeded in this one because they tried to get at something you didn’t have.

Want to read more about this latest I’ve been holding on to? The link is above, and lets open this up for comment.

Comments (0)

Weather apps for IOS

I posted this on a site called Apple Vis, and I’m sure I’ll hear from them, but if you aren’t over there, I’ll post here so it gets some attention. I’m in no rush to switch, just looking around.


Hello folks,

I’m writing today as I’ve thought about this long and hard. I was recommended Weather Radio which I’ve enjoyed. I had written them about some issues which they confirmed via voiceover this year. Sadly, when I wrote through the app to find out about the status of the bug which has to do with reading the alerts and the constant back reading it does, I was informed that the app was removed from the app store.

I got to thinking about what app to use as I liked weather radio and the way it gave alerts. I did try and podcasted about Weather Underground but I agree with the presenter, it doesn’t feel that great, and the alerts are vague. It took me a bit to set up locations, the current, plus two others I have people in.

Then I got to looking at Dark Sky which is a paid app. I’m not opposed for paying for an app, but the developer of this app says Apple. I remember reading on this site from someone from this app that was going to make changes, which were then implemented. I also saw something here called Carrot Weather which I only read here.

What I’d like to do is find something similar to weather radio where I can customize the alerts I get like weather radio did. Weather Underground doesn’t seem to cut it, the alerts they do have are good, and the forecast is nice, but am just looking to see what people are using.

I would greatly appreciate if someone can assist me in this endeavor so I can make the best choice. Thanks for reading!

I’m using an Iphone 11 gotten at the beginning of 2020, latest IOS 14.3 and use voice over exclusively with no braille.

Comments (0)

« Newer PostsOlder Posts »

go to sections menu


navigation menu

go to sections menu