Tag Archives: online security

Hackers and Technology by Wayne T. Dowdy

Technological Challenges

On Quora.com, one of my most viewed answers related to technological challenges upon release from prison. If you spent a long time in prison, what technology did you find hardest to adjust to when you were released?

Many things have changed for me since I wrote that answer: I’ve become pretty good with the technology available today but am a long way from being a technological guru. Though I am an aging gentlemen, I am not resistant to change and do welcome some of the advances in technology but do wonder what the future will hold at the pace we are moving into the Brave New World.

All Hackers Not Created Equal

One thing I learned is that all hackers are not created equal. Some are better than others, some have good intentions, others are evil-minded actors who seek to create trouble for agencies, individuals or for companies.

Some hackers work to improve website security, such as those who work for Wordfence.com and cyber security firms to search for flaws in the technology that allow bad actors to hack websites or to otherwise create problems for those involved, whether it be to enter malicious code to steal personal data or to take over the websites.

Technological Changes: Artificial Intelligence (AI)

Today I experimented with the BING AI and was amazed at the essays it created for me after I added the topic and chose other relevant information. For examples, please read some of the blogs that I will post, beginning with the creative title I used to give the latest technology a name (e.g., Dr. AI Bing): Prison Privatization Effects on Society by Dr. AI Bing and Wayne T. Dowdy.

In conclusion, the following information is what started this blog that evolved because of my experiments with the Dr. AI Bing on this bright sunshiny day that may take us on a journey into another unknown area of existence where AI enlightens us on the new dimension that awaits us in this thing we call life. šŸ™‚

Bleeping Computer News

The Bleeping Computer news service reported a flaw in the WiFi network traffic process that creates a security issue. (I provide the link for the article at the end of this post.)

Last night and early today, I was trying to make a payment to PayPal Credit through PayPal, which is attached to my bank accounts. When I couldn’t connect to the bank from PayPal Credit to make my payment, I instituted my normal security protocols of running security scans, using different browsers (Edge, Google Chrome, Firefox), and another computer to determine whether there was a security issue with my personal network and associated accounts.

After all attempt failed to connect to the bank, I called customer service at PayPal Credit (Synchrony Bank) and learned that the bank-access-problem was systematic, which made me feel better. That let me know that it was unlikely that my computer or accounts had been hacked.

Shortly after I contacted Customer Service, I read the Google news feed and found The Bleeping Computer article, and then I understood why I could not connect to the bank: cyber security working on closing holes with firewall rules to protect data from hackers.

When I tried again a few hours later, I succeeded at paying my $1.30 PayPal debt. šŸ™‚ Yes, that number is correct, less than two-dollars, but a bill is a bill and I always pay off early to avoid interest charges and to maximize my credit utilization to keep a higher credit score.

https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/

The Phish Who Got Away

The veterans of today’s online wars don’t have to carry guns and ammo to protect us: they use keyboards and electronic equipment. I praise them, too.

The day after I posted “Happy Veterans Day” with a link to an article from Reader’s Digest about scammers/fraudsters, I received a Wells Fargo email instructing me to call a number if I hadn’t received my new debit card.

(Read the referenced articles inside the Reader’s Digest article to learn more about online scams: [Reader’s DigestĀ published a great article that I read and shared on Facebook and Twitter because of all of the information contained about protecting online identity, by having links to other articles not included in the title,Ā 13 Signs Amazon Seller Can’t Be Trusted.])

I knew the card was just mailed that morning and suspected a scam. Being the investigative-type of person I am, I called the number to investigate: I was correct!

The speaker said they knew from the phone number what my bank account number was, so all they needed was the last four digits of my social security number.

I hung up, and immediately went online to my bank account that I use the two-step verification process on (my phone must be used in conjunction with the login information), and then turned off my card that was soon to expire (I was waiting for its replacement).

After knowing the card and account was safe, I called the bank number I knew was legit and reported the attempted phishing.

Well, this phish broke the line and got away to fight another day. I don’t reckon they liked my blogging about their scamming.

I stayed up late running various security scans and changing passwords to protect myself. Please read some of the articles in Reader’s Digest to enlighten yourself on how to identify the fraudsters who want to steal your money or identity. Don’t be lazy or so arrogant that you think you do not need to worry about some scandalous son of a bitch who wants to be you long enough to steal your funds and identity: it may happen to anyone.

The following excerpt came from one of the articles I sent out on Facebook and Twitter. It is 100% correct.

“MARVENT/SHUTTERSTOCK

ā€œ’If you receive a suspicious email from a friend’s email address, don’t reply, ā€˜Is it really you?’ because the fraudster will answer ā€˜Yes.’ If a suspicious email from your bank contains a phone number, don’t call it. Instead, look up the bank’s phone number in the Yellow Pages or Google it.’ā€ —Mark Gazit, CEO of ThetaRay, a provider of big data analytics solutions.”

https://www.rd.com/advice/work-career/clear-signs-youre-about-to-be-hacked/

As I stated, I knew to call the bank phone number I knew wasn’t a scam.

Then I received my weekly updated email from Wordfence.com that told of a security issue with WordPress Email Subscribers & Newsletters.  Here are some excerpts. I posted the URL to the complete article for those who want to read the full report.

“Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin

This entry was posted inĀ Vulnerabilities,Ā WordPress SecurityĀ on November 13, 2019 byĀ Chloe Chamberland

“A few weeks ago, our Threat Intelligence team identified several vulnerabilities present inĀ Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. We disclosed this issue privately to the plugin’s development team who responded quickly, releasing interim patches just a few days after our initial disclosure. The plugin team also worked with us to implement additional security measures.

“Plugin versions of Email Subscribers & Newsletters up to 4.2.3 are vulnerable to attacks against all of the vulnerabilities described below, and versions up to 4.3.0 are vulnerable to the SQL injection vulnerability. All Email Subscribers & Newsletters users should update to version 4.3.1 immediately. Wordfence Premium customers received new firewall rules on October 14th to protect against exploits targeting these vulnerabilities. Free Wordfence users receive these rules on November 14th.

“Unauthenticated File Download w/ Information Disclosure

Description: Unauthenticated File Download w/ Information Disclosure
CVSS v3.0 Score: 5.8 (Medium)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected Plugin: Email Subscribers & Newsletters
Plugin Slug: email-subscribers
Affected Versions: <= 4.2.2
Patched Version: 4.2.3

“Email Subscribers & Newsletter provides site owners with the ability to create newsletter campaigns that site users can subscribe to. One feature of this plugin is the ability to export all of the site’s subscribers into a single CSV file containing first names, last names, email addresses, mailing lists the subscriber is on, and more. Unfortunately, there was a flaw in this plugin that allowed unauthenticated users to export subscriber lists and gain all of the information provided by subscribers.”

For the complete report go to https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/?utm_campaign=Wordfence%20Blog%20Emails&utm_source=hs_email&utm_medium=email&utm_content=79364920&_hsenc=p2ANqtz-8BWZWGcayl7CmLA8_0ZOuqUMxFleAxNa1XzLNtcjmm_PWVISfoOeViJk0XBMmja4fUtyG9alUFRXA6PRL4cnymLjx62a0YXm_ZWbqwjxsINMHzwyE&_hsmi=79364920

In the words of a biblical writer, “Be Aware Lest Ye Fall.”

That time I got away by breaking the line before the hook set, and I have maintained heightened security measures since then, adding additional computer security programs to check for malware, spyware, viruses, and all sorts of various poisons used to attack and infect unsuspecting citizens.

Even with all of those measures in place, I know to remain aware, to keep updating computer program security features and processes, and to never get so relaxed that I think those hooks aren’t in the water waiting for some unsuspecting PHISH to come swimming by.

Happy Veterans Day

In America we dedicate this day to those who served and protected our country. I am grateful for those who have and those who do.

For more on Veterans Day click this: https://g.co/kgs/nYi9YG

Many of those who served now lay resting but are never forgotten. The man is the following image is one who was one of my heroes whom I wrote about in Labor Day and a Personal Memorial Day.

https://straightfromthepen.com/2019/09/02/labor-day-and-a-personal-memorial-day/ .

Today we have different wars and battles to fight, one being an invasion by online scammers who want to steal our identities and or resources.

I fight against those trying to invade my space on a regular basis through my websites and by phone calls. Because I need help, I pay and use free versions of antivirus computer programs on my PC and phone because I am constantly bombarded by scammers who want to be me. šŸ™‚

Americans are prime targets of scammers but no one is safe from attack.

Well, maybe more like to want to see what they can steal from me.

Reader’s Digest published a great article that I read and shared on Facebook and Twitter because of all of the information contained about protecting online identity, by having links to other articles not included in the title, 13 Signs Amazon Seller Can’t Be Trusted.

https://www.rd.com/advice/signs-amazon-seller-cant-be-trusted/?_cmp=readuprdus&_ebid=readuprdus10272019&_mid=309700&ehid=8fbcb9fd291744b840632983d832178c40787096
Please read if you want to learn more on how to be safe in a world of scam artists.

The veterans of today’s online wars don’t have to carry guns and ammo to protect us: they use keyboards and electronic equipment. I praise them, too.