4pin

All the time I’m asked if I buy the tinfoil for my hat from Costco, my answer is yes. Followed quickly by, “Just as long as I’m not the low hanging fruit”.

Frustration in the system.

How do you verify your identity to someone on the phone for help or support? “Can you please give me the last 4 digits of…”. It has turned out that the last 4 digits of our Social Security number, credit card number, driver license number (an ever growing list) have become our new PINs to whatever account they are associated with. We are now at the point where anyone with a collection of those 4 digit numbers can takeover just about any account we have. Yes, they don’t have the full values but with a minimal amount of social engineering they don’t need them.

This was recently made painfully apparent, once again with the recent disclosure of the DoorDash data breach. In addition to the usual data: name, email, delivery address (where I live) and phone numbers they also obtained the last 4 digits of some users credit card numbers, some merchants and delivery workers bank accounts and as they said “The cherry on the top, the driver license numbers of about 100,000 delivery workers.

I’d expect these delivery workers are not ready to start the arduous process of taking the steps to protect themselves from their identity being exploited or the long painful road cleaning up after their identity gets exploited. Good thing they have “credit score monitoring” to look forward to.

We need a grassroots effort to start to make a change in the system to protect those that don’t have the background or skills to make use of the tools available to “mask” their identity and obfuscate their digital presence online. We need to take advantage of the vast information made available through experts such as Michael Bazzell and his podcasts, books and training to up our game. Those of us with these skills need to help our family, friends and community to protect themselves. Our government has made it painfully clear that their interests lie elsewhere.

This and other articles can be found at: chucktalkingtech.com


Chuck Talking Tech / by Chuck Bienenfeld

December 14, 2016

As many of you may already be aware, there is a new malware campaign called Gooligan.  This is a rootkit identified by the security researchers at Check Point that in part steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite and Google Drive.  Moreover Gooligan can be even more frightening.  This involves its ability to install other applications even ones from the Google Play store, serve up additional adware and provide 5 star ratings to applications that bought in.

Read the rest of this entry »


“I love it when a plan comes together.”  – John ‘Hannibal’ Smith – The A team

The plan came together when I received an email after subscribing to Troy Hunt’s “Have I been pwned” website notifying me that my account (email address and password) was part of the recently made available LinkedIn 2012 data breach.

Read the rest of this entry »


Chuck Talking Tech / by Chuck Bienenfeld

March 19, 2016

Disclaimer, I am a happy user of UBlock Orgin. I use it primarily due to all the behind the scenes data tracking and system fingerprinting being done via JavaScript by the advertising, ISPs and web communities.  It also helps prevent ads from 3rd party sites where malivertising so readily exists.  I am also frustrated that our data is considered free game and not ours to control as we see fit.

Read the rest of this entry »


UniquePasswordsBlogChuck Talking Tech / by Chuck Bienenfeld

September 1, 2014

This blog post is long over due. I felt with the almost daily announcements in the media of a company losing our sensitive data, such the highly publicized Heartbleed vulnerability, Target and E-Bay breach and multiple StubHub account violation, it was time to start the conversation about the need for strong, random, unique passwords.

Read the rest of this entry »


Chuck Talking Tech / by Chuck Bienenfeld

March 27, 2014, 2014

Microsoft announced on March 24, 2014 in a Microsoft Security Advisory (link: 2953095) that they discovered a vulnerability affecting supported version of Microsoft Word.  This exploit could allow a malicious user remote access to the effected system with the same user rights as the current user.

Read the rest of this entry »


IOS71

Chuck Talking Tech / by Chuck Bienenfeld

March 10, 2014, 2014

With all the rumors that users would need to be running iOS 7.1 to stream this year’s iTunes Festival beginning March 11, 2014 it was inevitable that iOS 7.1 would be released prior to the festival and guess what, it was released today. Read the rest of this entry »