macOS zero day on watering hole

Another macOS zero-day giving root access: “Google warns hackers used macOS zero-day flaw, could capture keystrokes, screengrabs” (ZDNet). Also on iPhones. A watering hole attack relies on profiles of a website’s typical visitors to create the attack. For companies, note the websites of your industry’s conferences, standards bodies, and vendors.

Pretty sophisticated code, I guess, because analysts were looking at the quality as being like that of a dev team: “…[u]sual-suspect traits of malware built for spying on a target, including device fingerprint, screen captures, the ability to upload and download files, as well as execute terminal commands…also record audio and log keystrokes.”

Just be wary when you are following the same sites as your co-workers. Beware email lures. Get secure email and malware solutions for your business.

Cyber mercenaries advertising

Since 2015, Void Balaur has been targeting around a dozen high-profile professionals a day: human rights activists, journalists, politicians, telecommunications engineers and medical doctors. They’ve also been advertising on Russian-language sites. This is not only in Dark Reading, but also The Hacker News, Trend Micro, and ZDNet.

https://www.darkreading.com/vulnerabilities-threats/hacker-for-hire-group-spied-on-more-than-3-500-targets-in-18-months

ZDNet covered a piece of malware they’ve dropped in some sites some time ago: https://www.zdnet.com/article/trojan-malware-the-hidden-cyber-threat-to-your-pc/

Use multi-factor authentication to protect your email and social media accounts. Physical keys instead of SMS passcodes. Use reputable email. Webmail is best. I use Gmail, which has superior spam filters.

The West’s self-hatred must end before it is destroyed

Tens of thousands of would-be immigrants are massing at the southern border. They’re coming for the good of the West (but are unlikely to appear before a judge as they have been told to). We know why they are coming: technology, commerce, opportunity—and liberty that only democratic capitalism has been successful enough to create. Why is this so hard to admit?

Gadgets 11/04/2021: Walmart, Dell, Amazon early Black Friday; USED Shopping; xTool M1 Laser & Blade; Robot arm

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

I have some general suggestions today.

Walmart Black Friday
https://www.walmart.com/shop/deals/electronics

Dell Black Friday
https://www.zdnet.com/article/dell-unveils-its-black-friday-2021-deals

Amazon Black Friday
https://www.amazon.com/events/earlyblackfriday

How to SHOP USED–Forget the supply chain!
https://www.zdnet.com/article/supply-chain-delays-where-to-buy-used-laptops-and-other-tech-gear

NEATO UPCOMING TECH

Cutting and engraving xTool M1 – Mini but Powerful Hybrid Laser & Blade Cutter
https://www.kickstarter.com/projects/makeblock/xtool-m1-superb-hybrid-laser-and-blade-cutter-and-engraver

UFACTORY Lite 6 – Most Affordable Collaborative Robot Arm
https://www.kickstarter.com/projects/ufactory/ufactory-lite-6-most-affordable-collaborative-robot-arm

 

Socialism, Communism, meh

I am always hearing this ranting about the dangers of Democratic Socialism by those on the right, how it’s just Communism. I’m not convinced. I think that those who want it, no matter that I think it’s not an entirely workable system, want the kind of Socialism that is in Sweden or Denmark–not Communism. The results of Communism are rather obvious, but let’s not conflate the two.

This Spyware Makes Everyone Vulnerable

This article speaks to how vulnerable we are to determined actors. Some things just cannot be defended against. But we can still learn good practices to mitigate many of these attacks.

  1. Text messages and email do remain the vulnerabilities on phones/tablets.
  2. WhatsApp asked this reporter to a protest
  3. I also keep my personal data off my phone
  4. But photos and contacts and texts are still on it
  5. Zero click is scary. You don’t have to even click for this kind of infection, so there’s not much defense if you’re on someone’s list. Nearly impossible to definitively identify the bad guys.

Gadgets 10/25/2021: Z Flip, Samsung Buds Pro, Jabra headphones, Storytelling Clock, Pocket Cameraman, Cipher game, other deals pre-Black Friday

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

As I said previously, try shopping early this holiday season. There is a shortage in a number of industries/supply chains. Amazon, Home Depot, Walmart and other big retailers will probably get their own planes to make up for the cargo ship problem.

Vulnerable IoT Devices! (Using Publicly-available Information To Learn More About A Target pt. 2)

Three very cool search engines. Use them 1-2-3 bang all together.

IoT devices are horribly insecure nowadays. You can search for information in your passive footprinting. Stuff like webcams by manufacturer or version.

Day at theZoo

No, that is not a typo. The original theZoo is a GitHub repo with commodity malware samples. Everyone has access to malware that is off-the-shelf and it’s the most common type. No Advanced Persistent Threats here. But your anti-malware software will probably flag you.

It’s neat because you can use it to study this code. Alternatively, you could do some things that are not recommended. You could create a phishing email that could be sent to a million users, not targeting anyone in particular like the APTs do.  The APTs and other lone hackers or groups create more sophisticated malware. Instead, these users–sometimes called script kiddies–can download say WannaCry ransomware and send it out through your phishing email (or through a “stager” email malware that will load other modules). No reconnaissance needed here.

Think about it, if only one percent of a million users open the email, you end up with 10,000 compromises. Not a bad pay day.

All hail, the Recovering Provocateur!

My day starts with my family member playing and reading all the Trump-related memes.
“Don’t you know what’s going on?”
“No, what?”
“They found massive fraud in the elections in Arizona and they’re going to find it in the other states…”
“O.K. let me know when that happens.”
I need proof, I say—a lot. When it comes to QAnon you must.
“It’s not QAnon,” she says.
“Maybe not in name. It’s just QAnon-lite.”

Dictionary.com Changes and Early Covid-era Mental Health Suggestions

ATTENTION: The discussion below includes talk of suicidal ideation. If you or someone you know is having any suicidal ideation, please contact the National Suicide Prevention Lifeline at 800-273-TALK (8255). People care about you.

Dictionary.com has removed the word “commit” in various references to suicide.
https://www.dictionary.com/e/mental-health-language/

And has the following recommendations for being aware of and helping those struggling with suicidal ideation:

  • Adopt a nonjudgmental and open-minded attitude
  • Show you care by listening actively, without interrupting or giving advice unless prompted
  • Ask open-ended questions instead of “yes”-or-“no” questions to keep the conversation going
  • Validate the feelings of the other person; it’s OK to not be OK, and sometimes just holding space for another to express themselves can be deeply comforting

Because I am so high functioning, it took me a long time to acknowledge having a mental illness. Talk it out. Below are some early Covid-era mental health suggestions (by early I mean under more stringent sheltering conditions), from Mental Health During Coronavirus (seizetheawkward.org):

  • Engage in live streams – from your favorite yoga studio to your favorite artists
  • Schedule virtual dinners or dance parties with friends
  • Start a virtual book club
  • Participate in online game nights
  • Plan to watch television shows or movies at the same time and video chat to share reactions
  • Enroll in remote learning classes or look up tutorials online
  • Go on virtual museum tours together
  • Share your favorite recipes or host a virtual cooking competition
  • Try a home workout together

“Whatever Gets You Talking” | Seize the Awkward | Ad Council – YouTube

Gadgets 10/12/2021: Holiday shopping; lower storage prices; M1 price returns; mixed reality headset; FHD projector

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

Try shopping early this holiday season. As you may know, there is a shortage in a number of industries/supply chains. In fact, Amazon, Home Depot, Walmart and other big retailers will probably get their own planes to make up for the cargo ship problem.

This could be great. I just question the decision to not have the peripheral vision immersed.
https://www.kickstarter.com/projects/stanlarroque/lynx?ref=discovery&term=mixed%20reality%20headset

M1 Macbook at $850
https://www.amazon.com/Apple-MacBook-13-inch-256GB-Storage/dp/B08N5LNQCX/ref=sr_1_4?dchild=1&keywords=m1+macbook&qid=1634058025&sr=8-4

Cheaper micro sd cards
https://www.amazon.com/s?k=micro+sd+card&i=computers&rh=n%3A516866%2Cp_n_feature_two_browse-bin%3A13203835011&dc&crid=237NQWK1KJUNR&nav_sdd=aps&qid=1634058218&rnid=6518301011&sprefix=micro&ref=sr_nr_p_n_feature_two_browse-bin_1

This is not completely clear to me, but is it a rear projector?
Splay- Expandable Display & Ultra-Short-Throw Pico Projector by Arovia — Kickstarter

China’s Aggression and U.S. Debt

The incursions into Taiwanese airspace seem to have picked up. I don’t know how this will work out if there is conflict with the U.S. Will the debt we owe China be called in if there is a conflict? We know that it would have a horrible effect, but China would suffer as well. This piece I wrote a little while back talks about the debt and Chinese aggression before these events.

Thoughts on 100th Anniversary of the CCP

Skynet is Rebooting

What is everyone doing now? I kid, but no really.

We are so dependent on Facebook and this could be time for reflection. What do we do at home, out and about–God forbid, at work? I know that FB is a kind of drug for some people and I have found that I need a timeout sometimes myself. But when 2.89 billion people on the planet are on this infernal thing, the question is what would happen in a long-term outage? People may get back to life.

Avoiding the Crush

Part 2 of Considering the Crush

So what should we do being in Europe amid the crush? I thought, “how can we make this work? How to sleep well, get around relatively cheaply and easily, and to just enjoy ourselves?” We could have made a frantic travel plan, to see all the big attractions, run to and fro, and try to get photos of everything. You may encounter someone in your party like Ellen Griswold (National Lampoon’s “Vacation”):

Active Reconnaissance – There’s no place like 127.0.0.1

Before I continue, I should mention that scanning any system other than yours could get you in big trouble. To be safe, you need written permission to do so on systems other than your own. The loopback IP address, which always refers to the computer you are on, is 127.0.0.1, also called “localhost” or just home. If you run nmap against that IP you should be OK.

Debt Limit – Non-stop

If we keep borrowing money and only repay the interest, aren’t we saying that we don’t intend on paying it back? I don’t see a way out of this and we’re just kicking the can down the road. Fiscal responsibility used to be part of conservative ideology.

Yellen wrote “This uncertainty underscores the critical importance of not waiting to raise or suspend the debt limit. The full faith and credit of the United States should put at risk.”

I think the full faith and credit are already at risk. As long as we can’t touch entitlements, we are not pursuing a responsible solution. Someone is going to have to break the news, someone preferably in their last term of their job and not concerned with being re-elected.