Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account
A major mistake in setup caused Google Cloud and UniSuper to delete the financial service provider’s private cloud account.
This event has caused many to worry about the security and dependability of cloud services, especially for big financial companies.
The outage started out of the blue, and UniSuper’s 620,000 members had no idea what was happening with their retirement funds.
Services didn’t start again until Thursday, and the fund promised its members that investment account amounts would be updated as soon as possible, even though they were still showing numbers from the previous week.
Joint Statement and Apology
According to reports in the Guardian, the CEOs of UniSuper and Google Cloud, Peter Chun and Thomas Kurian, apologized for the failure together in a statement, which is not often done.
“This incident is an exceptional and singular occurrence that has not happened with any client of Google Cloud on a global scale before.” This ought not to have occurred. Google Cloud has implemented preventative measures in response to the identified events that precipitated this disruption.
They said that the event was “extremely frustrating and disappointing” for members and caused by a “one-of-a-kind occurrence” in which UniSuper’s Private Cloud services were set up incorrectly, causing the fund’s cloud subscription to be deleted.
“UniSuper’s Private Cloud subscription was ultimately terminated due to an unexpected sequence of events that began with an inadvertent misconfiguration during provisioning,” the two sources stated. “Google Cloud CEO Thomas Kurian has confirmed that the disruption was caused by an unprecedented sequence of events.”
A 6G transmitter has been created that can reach the fastest internet capabilities recorded yet.
The new technology was created by four companies in Japan putting their best qualities forward to achieve the next generation of ultra-fast internet.
The announcement of the new 6G breakthrough came in a press release on April 11 and the four companies involved include DOCOMO, NTT, NEC, and Fujitsu.
5G internet operates from 6-40 GHz while the new 6G test operated at much higher bands in 100 GHz and 300 GHz.
The 6G transmitter transferred data at 100 Gbps at 100 GHz indoors and 300 GHz outdoors over 328 feet, per the release.
The highest generation of internet right now is 5G and is the current standard.
Using higher frequency bands allows for much faster internet speeds and is the plan of how to achieve the next generation.
“High-capacity wireless communication is expected to be achieved by exploiting the abundant bandwidth available in the sub-terahertz band from 100 GHz to 300 GHz,” the release said.
The 6G potential is 500 times faster than the average 5G T-Mobile speeds in the US, according to Statista.
Its speed can also be compared to transferring five HD movies wirelessly per second, per Live Science.
The tech companies have hinted that 6G will allow for groundbreaking new ventures.
This includes extremely high-quality video streaming, better control for self-driving cars, and faster communication.
Some other advancements to look forward to include smoother operation for:
*Virtual Reality (VR)
*Metaverse applications
*Mixed Reality experiences
*Fully Automated Vehicles
*Hovercraft and other flying machines
It will also support brand new technologies like Holographic images and Holographic Communication (seeing a hologram of the person you are talking to emanate from a phone, as an example).
“In the 6G era, when wireless networks are envisioned supporting diverse applications ranging from ultra-HD video streaming to real-time control in autonomous vehicles, as well as increasing communication demands,” the press release said.
WORKING THROUGH KINKS
Implementing the new high-speed 6G will come with some complications though.
The experts explained that completely new devices will need to be made that can handle the high-frequency bands.
This is because of the large difference between what 5G devices are currently operating at and the high-frequency band 6G would need.
“However, compared to 28 GHz and other millimeter bands used in current 5G systems, the much higher frequencies of the sub-terahertz band will require entirely different wireless devices that are now being developed from scratch,” the press release said.
“To be successful, this effort will need to overcome several key challenges, such as determining the specific performance requirements of wireless devices operating in the sub-terahertz band, and then actually developing such devices.”
The next move for the four tech companies is to keep working out the kinks and utilizing each company’s strengths to make 6G a reality.
“Going forward, the four companies will continue to conduct extensive research and development into sub-terahertz telecommunications,” the press release said.
“Leveraging each company’s strengths in various initiatives to contribute to 6G standardization.”
Google is the most popular email provider: Gmail contributes about 70% of the email traffic on earth and is one of the oldest mass-adopted email services (passing 20 years old is a worthy achievement for any application, especially a “free” one).
As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is
While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.
Should I, or should I not be popular?
Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?
We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.
I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.
But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.
Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive
Google’s always innocent until it’s not
Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:
It had likely been happening since Gmail’s launch
Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
I’m under no misconception that I can extricate myself entirely from Google’s clutches; it’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.
Google paid over $26 billion in 2021 to remain the default search engine in various browsers
The surprisingly easy switch to Proton Mail
Why Proton Mail is my new favorite email provider
My own Proton account has been used as a backup since 2018. Most recently, though, it has become my primary email for both personal and business.
I tested a trial of ProtonVPN a few years ago (ProtonVPN was a bit slow back then, but I and other cyber security experts highly recommend it as one of today’s top VPNs due to its increased infrastructure and much faster speed. They have quadrupled the number of servers globally since 2021).
I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.
Among Proton’s consumer-friendly practices:
It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
Support for end-to-end encryption between Proton users and password protection for external emails
Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards
A few clicks, and I never have to access my Gmail page again
Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my clients perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.
They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to pm.me (because @protonmail.com is, admittedly, a bit of a mouthful).
It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!
Proton offers diverse Subscription Plans (including Free!)
You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and secure, as well as overall being much better than Gmail.
Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.
The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.
But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.
In an unprecedented move, a recent court order has now mandated YouTube to disclose the identities of individuals who have viewed certain videos. This decision, stemming from legal proceedings that scrutinized specific content on the platform, marks a significant shift in online privacy dynamics, raising concerns among digital rights advocates and everyday users alike.
What Does This Mean for You?
The ruling necessitates YouTube to reveal viewer details, potentially exposing individuals’ viewing habits and preferences. In an era where digital privacy is already under siege, this development adds another layer of vulnerability, highlighting the necessity for robust measures to safeguard online anonymity.
Safeguard Your YouTube Browsing with Nordman VPN
In response to these growing privacy concerns, turning to reliable security solutions like Nordman VPN becomes paramount. Nordman VPN stands out as a beacon of digital privacy, offering top-tier encryption and IP masking features that ensure your YouTube activities remain confidential and untraceable.
Why Choose Nordman?
Enhanced Privacy: Nordman VPN encrypts your internet connection, keeping your online activities private and secure from prying eyes.
IP Anonymity: It masks your real IP address, making your YouTube viewing habits invisible to outsiders, including ISPs and third parties.
Ease of Use: With user-friendly interfaces and seamless integration, Nordman ensures that your online privacy protection is hassle-free and efficient.
Embrace Your Digital Freedom
While the digital realm continues to evolve, often bringing complex challenges to the fore, tools like Nordman VPN empower you to take control of your online privacy. In light of the recent YouTube ruling, adopting Nordman VPN isn’t just a choice—it’s a necessity for those who value their digital freedom and wish to maintain a private, secure online presence.
Stay Informed, Stay Secure
As advocates for digital rights and privacy, we must stay informed and proactive in protecting our online spaces. By choosing robust security solutions like Nordman VPN, you can safeguard your digital footprint and continue to enjoy the vast world of YouTube without compromising your privacy.
Geobox: A Hacking Device That Is Basically Untraceable
In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!
Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:
1. Spoof location
2. Mimic Wi-Fi access points
3. Manipulate DNS and network parameters while providing anonymity.
4. Copy and emulate the Wi-Fi landing page that most restaurants and concert venues use for logging on, to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location and its clientele (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).
Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!
After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for anyone attempting to investigate them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”
OR
They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.
It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!
Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.
However, with Geobox, it is transformed “into a potent weapon for digital deception.” Malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.
The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!
These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!
With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.
Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.
“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”
*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*
The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!
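A venue can check for the "one dot or variation" problem described above by comparing what is on the air with what it actually operates. The following is an added example, not code from the original post: the allowlist, the BSSIDs, the similarity threshold and the scan results are all constructed assumptions.

```python
"""Flag Wi-Fi networks that imitate a venue's real SSID (added example)."""
import unicodedata
from difflib import SequenceMatcher

# Assumed allowlist: SSIDs the venue operates and the access-point MAC
# addresses (BSSIDs) permitted to announce them. All values are constructed.
KNOWN_NETWORKS = {
    "McDonald's Free WiFi": {"a4:2b:b0:11:22:33", "a4:2b:b0:11:22:34"},
    "Starbucks WiFi": {"58:97:bd:aa:bb:01"},
}
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off; tune against real scan data


def normalize(ssid: str) -> str:
    """Fold case, width and accents, then keep only letters and digits.

    A stray dot, dash, space or apostrophe therefore no longer makes an
    imitation look like a different name.
    """
    text = unicodedata.normalize("NFKD", ssid).casefold()
    return "".join(ch for ch in text if ch.isalnum())


def classify(ssid: str, bssid: str):
    """Return (verdict, matched_known_ssid) for one scan result."""
    if ssid in KNOWN_NETWORKS:
        # A matching BSSID is necessary, not sufficient: MAC addresses can
        # be spoofed, so "known" only means nothing wrong was seen here.
        if bssid.lower() in KNOWN_NETWORKS[ssid]:
            return ("known", ssid)
        return ("unknown-ap", ssid)  # right name, access point is not ours

    candidate = normalize(ssid)
    best_name, best_score = None, 0.0
    for known in KNOWN_NETWORKS:
        score = SequenceMatcher(None, candidate, normalize(known)).ratio()
        if score > best_score:
            best_name, best_score = known, score
    if best_score >= SIMILARITY_THRESHOLD:
        return ("lookalike", best_name)
    return ("unrelated", None)


def audit(scan):
    """Return the scan entries that deserve a closer look."""
    findings = []
    for ssid, bssid in scan:
        verdict, match = classify(ssid, bssid)
        if verdict in ("unknown-ap", "lookalike"):
            findings.append((ssid, bssid, verdict, match))
    return findings


# Constructed scan results, e.g. exported from a site survey tool.
SAMPLE_SCAN = [
    ("McDonald's Free WiFi", "A4:2B:B0:11:22:33"),        # the real AP
    ("McDonald's Free WiFi", "02:1a:11:f0:00:01"),        # same name, new AP
    ("McDonald\u2019s.Free Wi-fi", "02:1a:11:f0:00:02"),  # dot + curly quote
    ("St\u0430rbucks WiFi", "02:1a:11:f0:00:03"),         # Cyrillic a, U+0430
    ("HomeNet-5G", "3c:84:6a:00:00:10"),                  # unrelated neighbour
]

if __name__ == "__main__":
    for ssid, bssid, verdict, match in audit(SAMPLE_SCAN):
        print(f"{verdict:<11} {ssid!r} ({bssid}) resembles {match!r}")
```

Because the post notes that Geobox can mask MAC addresses, a "known" verdict only means that nothing suspicious was observed; it does not prove the access point is genuine.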
Armed with such an affordable and easy-to-obtain cyber device, operators can easily carry and coordinate various attacks, such as being a data dump for anyone logging on to the newly created “free Wi-Fi”, identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.
It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!
Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.
“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an upcoming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.
Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024
New password reset attack targets Apple device users
Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.
Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.
Several Apple users have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.
Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.
Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.
After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.
Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.
Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.
In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.
It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.
One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.
However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.
For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.
Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.
Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a call from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.
If you receive a calendar invite to view new fax documents, be careful – it’s most likely a phishing attack, attempting to obtain your identity and login credentials for your corporate accounts.
It all starts with a hijacked email account, which uses a compromised identity to send out a message containing an invitation to “view newly received documents”, via a link.
In today’s digital landscape, receiving a calendar invite for a meeting is as common as checking your email. However, amidst the sea of legitimate invites lies a new threat targeting Mac users. Hackers have now found a way to exploit calendar invites and meeting links, using them as vectors to inject malware onto unsuspecting systems.
Cyber criminals are leveraging the popularity of scheduling tools like Calendly to execute their nefarious schemes. Unlike traditional malware attacks focused on financial gain, this tactic aims to compromise users’ systems for cryptocurrency theft.
Moreover, these malicious actors are employing sophisticated social engineering tactics, presenting fake video conference links to lure unsuspecting victims into clicking. The days of Mac users feeling immune to malware threats are officially behind us.
However, all hope is not lost. By practicing vigilant cyber hygiene and exercising caution before clicking on any suspicious links or invites, Mac users can shield themselves from falling prey to these insidious malware infections. Here is another example of the most recent Calendly link cybersecurity shenanigans:
If you receive a calendar invitation to see fresh fax papers, be cautious: it’s almost certainly a phishing effort to steal your identity and login credentials for your corporate accounts.
INKY cybersecurity researchers issued the warning, which revealed the phishing effort that was initially discovered at the end of February 2022.
It all starts with a hacked email account that sends out a message inviting recipients to “see newly received documents” via a URL using a compromised identity.
It appears to be a Calendly calendar link at first glance. Calendly was most likely used, according to INKY, because anyone may sign up for a free account without having to provide their credit card information.
The plot thickens at this point. The invite pages on Calendly can be customized. The Add Custom Link function allowed criminals to construct a fake fax document notification with all of the standard fax data (number of pages or file size, for example), then inject a malicious link on the event page using the Add Custom Link tool.
The victim is taken to the credential-harvesting page after clicking on the “preview document” link. The page in this instance is a spoof of Microsoft. However, hovering over the link reveals where it leads: INKY cautions users of https://dasigndesigns[.]com/ss/update/index.html, a hijacked site that is listed in Google, Firefox, and Netcraft threat feeds.
If the victim enters their login credentials here, the attackers will receive them, and the victim will receive an error message stating that an invalid password was input. The victim would be sent to their site after the second attempt, which the researchers regarded as a “smart touch” that reduces the suspicion.
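The "hover over the link" check from the write-up above can be automated for a saved copy of an invite page. This is an added example, not code from INKY or from the original post: the trusted-host list, the lure phrases and the sample HTML (including its `.example` hosts) are constructed assumptions.

```python
"""Review the links on a saved invite page before anyone clicks (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the invite platform's own hosts and a few lure phrases.
TRUSTED_HOSTS = {"calendly.com"}
LURE_WORDS = ("preview", "document", "fax", "sign in", "log in", "password")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def host_of(url):
    """Lower-case host of a URL; accepts defanged forms like hxxps://a[.]b."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def review_invite(html):
    """Return one finding per link that leaves the invite platform."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host or is_trusted(host):
            continue  # relative link, mailto:, or the platform itself
        reasons = ["leaves invite platform"]
        if any(word in text.casefold() for word in LURE_WORDS):
            reasons.append("lure wording")
        shown = host_of(text) if "://" in text else ""
        if shown and shown != host:
            reasons.append(f"text shows {shown}")
        findings.append({"host": host, "text": text, "reasons": reasons})
    return findings


# Constructed invite page modelled on the fake fax notification.
SAMPLE_INVITE = """
<h1>New Fax Document Received</h1>
<p>Pages: 2, Size: 64 KB</p>
<a href="/help">Help</a>
<a href="https://calendly.com/reschedule/abc">Reschedule</a>
<a href="https://compromised-site.example/update/index.html">
   Preview <b>Document</b></a>
<a href="https://files.compromised-site.example/login">https://office-portal.example/</a>
"""

if __name__ == "__main__":
    for finding in review_invite(SAMPLE_INVITE):
        print(finding["host"], "|", finding["text"], "|", finding["reasons"])
```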
How to Track Anyone’s IP using Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & any file can be a “digital mouse trap”
Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, and many more…
Today I’ll teach you how to track anyone’s IP using Transparent Images! Yeah..
We will first understand the whole concept, then move on to the step-by-step usage guide. You can even do this manually using custom-developed payloads, but this is a much easier way to do it. I’ll help you with that today by providing easy steps you can follow. Let’s start learning..
Understanding Canarytokens
Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.
The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house where anything someone does can set off an “alarm” – or at least a notification.
Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line which seems disappointing!!
Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.
Web bug / URL token — Alert when a URL is visited
DNS token — Alert when a hostname is requested
AWS keys — Alert when AWS key is used
Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
Sensitive command token — Alert when a suspicious Windows command is run
Microsoft Word document — Get alerted when a document is opened in Microsoft Word
Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
Kubeconfig token — Alert when a Kubeconfig is used
WireGuard VPN — Alert when a WireGuard VPN client config is used
Cloned website — Trigger an alert when your website is cloned
QR code — Generate a QR code for physical tokens
MySQL dump — Get alerted when a MySQL dump is loaded
Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021-44228
Fast redirect — Alert when a URL is visited, User is redirected
Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
Custom image web bug — Alert when an image you uploaded is viewed
Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
Custom exe / binary — Fire an alert when an EXE or DLL is executed
Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
SVN — Alert when someone checks out an SVN repository
Unique email address — Alert when an email is sent to a unique address
Step-by-Step Usage
Go to canarytokens.org & choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.
Generate a Canarytoken, which is a unique URL or Fast redirect or anything else – it is all your choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.
Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If a target arrives upon it, you’ll receive an email notification, alerting you that something is off – just like a mouse activating a mouse trap :–)
Clicked..Your Digital Mouse Trap Is Set!
If your target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:
You can also rename the generated PDF/Excel/Word document without affecting its operation!
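The mechanism behind a web bug or custom image token, shown as an added example that is not Canarytokens' own code: each token is a unique URL tied to your memo, and any request for it is recorded as an alert. The host `tokens.example`, the `/t/<id>.gif` path and the `TokenStore` class are assumptions made for illustration.

```python
"""Minimal honeytoken web bug: unique URL -> memo -> alert (added example)."""
import secrets
from datetime import datetime, timezone

# A 1x1 transparent GIF, returned so the request looks like a normal image.
PIXEL = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
         b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
         b"\x00\x02\x02D\x01\x00;")


class TokenStore:
    def __init__(self, base_url="https://tokens.example"):  # hypothetical host
        self.base_url = base_url
        self.tokens = {}   # token id -> memo (where the token was planted)
        self.alerts = []   # one dict per triggered token

    def create(self, memo):
        """Mint an unguessable token and return (token_id, url_to_embed)."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = memo
        return token, f"{self.base_url}/t/{token}.gif"

    def wsgi_app(self, environ, start_response):
        """WSGI entry point: record a hit for known tokens, 404 otherwise."""
        path = environ.get("PATH_INFO", "")
        token = None
        if path.startswith("/t/") and path.endswith(".gif"):
            token = path[len("/t/"):-len(".gif")]
        memo = self.tokens.get(token)
        if memo is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        self.alerts.append({
            "memo": memo,
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": environ.get("REMOTE_ADDR", ""),
            "user_agent": environ.get("HTTP_USER_AGENT", ""),
        })
        start_response("200 OK", [
            ("Content-Type", "image/gif"),
            ("Content-Length", str(len(PIXEL))),
            ("Cache-Control", "no-store"),  # every open should reach us
        ])
        return [PIXEL]


if __name__ == "__main__":
    # Local demo only: serve on 127.0.0.1 and print the URL to request.
    from wsgiref.simple_server import make_server
    store = TokenStore(base_url="http://127.0.0.1:8080")
    _, url = store.create("decoy: finance-share/passwords.docx")
    print("token URL:", url)
    make_server("127.0.0.1", 8080, store.wsgi_app).serve_forever()
```

The recorded address belongs to whatever fetched the image; mail services that load images through a proxy will show the proxy's address rather than the reader's.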
The Apple Macintosh was the first successful mass-market PC designed with elegance and aesthetics in mind. On Wednesday, January 24, 2024 it turns 40.
Born in 1984, the year in which George Orwell’s dystopian novel is set, the Macintosh represented a breakaway from the bland grey of corporate computing power that IBM embodied.
From the perspective of Apple co-founder Steve Jobs, IBM was a representation of Orwell’s power-hungry “Big Brother”.
“It appears IBM wants it all. Apple is considered the only force that can give IBM a run for its money. Will Big Blue dominate the entire computer industry? The entire information age? Was George Orwell right?” Jobs said at the Macintosh launch. (Big Blue was a term commonly used at the time to refer to IBM, which at the time was the computer industry’s biggest company – by far.)
Mac Creativity At Its Finest: 1984 Commercial
And just like that, the Macintosh (shortened to just “Mac” after 1999) had arrived – and the computer industry would never be the same again.
Although competitive from a technical point of view – featuring an 8MHz Motorola 68000 processor, 64KB of RAM and a 400KB floppy disk drive – what set the Macintosh apart from rivals – including the then-newly launched IBM PC, the Commodore and the Tandy – was the humanist ethos reflected in its design. The Macintosh was beautiful to look at and, unlike the PC with its command-line interface (DOS), easy to use.
GUI and Mouse
Typical of his obsessive and unwavering personality, Jobs had insisted that the Macintosh use a graphical user interface (GUI) and a mouse, features carried over from the Lisa – an expensive and unpopular computer Apple had released a year earlier – that have defined the standard PC interface ever since.
The GUI could also display text in a variety of fonts, sizes and variants – another feature Jobs insisted on, this one influenced by a calligraphy course he took before dropping out of college. “It was the first computer with beautiful typography,” Jobs later said at his iconic Stanford commencement address. “If I had never dropped in on that single course in college, the Mac would have never had multiple typefaces or proportionally spaced fonts. And since Windows just copied the Mac, it’s likely that no personal computer would have them.”
No Slowing Down Today In 2024 And Beyond For Mac
Another iconic Mac from the 1990s – the iMac G3 – was sold from 1998 to 2003 and is considered to be one of the most gorgeous computers ever made. The G3 was the first product released after Jobs’s return to Apple following an 11-year hiatus and signaled a renaissance at the company.
The Mac would go through another chip overhaul when Apple switched to Intel chips in 2006. That same year, Apple introduced the first MacBook Pro, which featured a sleek aluminum design and Intel Xeon processors, making it a popular choice for professionals. The MacBook Air followed in 2008 and was the thinnest laptop in the world at the time, weighing only 1.36kg and measuring 1.93cm at its thickest point.
In 2012, Apple launched the MacBook Pro with Retina Display, which had a high-resolution display and a slim design.
The 2015 MacBook Pro represented the end of an era in terms of connectivity and aesthetics. Later generations would do away with the full-sized SD card slot, HDMI, USB-A and MagSafe magnetic power ports in favor of a sleeker design. It was also the last MacBook to feature an Apple logo that glowed when the machine was powered up.
Happy 2024, everyone! Even after 40 years, the Mac is still going strong, supported by a loyal and growing army of fans. The Mac – in all its guises – is today slimmer, smarter and faster than ever. Apple Silicon and a great design ethos are keeping Jobs’s original design philosophy alive.
The pricing, however, may not be as well aligned with “the PC for everyone else” that Jobs intended the original Mac to be, at least compared with today’s non-Mac PCs – but it certainly keeps the handsome profits at Jobs-like levels!
For 2024, Google and Yahoo are rolling out updated guidelines for bulk email senders, aimed at boosting deliverability and fighting the good fight against spam. This is good news: not only will it positively impact your deliverability, it’s easy to implement.
Why the update?
It’s simple: to create a cleaner, more secure environment for both senders and recipients. The new requirements fall into three key categories:
Authentication: Email authentication verifies you’re a legitimate sender, not a spammer. If you’re sending emails already, you’ve probably already taken the first step by setting up SPF (sender policy framework) and DKIM (domainkeys identified mail) records, even if you weren’t sure what they did. Now, the next crucial step is publishing a DMARC policy.
Simple unsubscribes: No more requiring users to authenticate or navigate labyrinthine unsubscribe processes. One-click unsubscribe provides a better user experience. Luckily, if you’ve already been offering this option, you’re already ahead of the curve!
Spam complaints: If you’re diligently collecting opt-ins with proper consent, spam complaints likely won’t be a concern. But it’s always good practice to maintain a healthy email list and engage your audience thoughtfully.
So what is DMARC?
The DMARC policy (Domain-based Message Authentication, Reporting & Conformance) acts as your email’s official security document, telling the world how to handle messages claiming to be from your domain.
Setting it up properly is essential today because many email list providers (such as small businesses) are already being surprised that their email success rates are decreasing just this week (enforcement for Google and Yahoo domain emails began on February 2nd, 2024). By February 1, 2024, publish your DMARC policy with your domain provider. Ensure this TXT record is added to your DNS settings with “yourdomain.com” replaced with your actual company domain:
It is actually straightforward for most technically savvy folks, whether you manage DNS yourself or need to put in a ticket so that your IT team can handle the DNS settings. (You can learn even more about DMARC records, including other options like adding a “rua” value to designate an email address that will receive DMARC reports, in Google’s documentation here.)
These new email requirements might seem like extra hurdles, but they’re ultimately a positive step towards a more reliable and enjoyable email experience for everyone. By taking the small steps outlined above, you can ensure your business thrives under the new rules, reaching your target audience effectively and building lasting relationships.
TECHNICAL DETAILS ABOUT DMARC IF YOU WANT TO DIVE DEEPER:
Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.
DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.
WHY SHOULD ORGANIZATIONS LIKE YOURS BE INTERESTED IN DMARC?
Phishing and spearphishing are among the top attack vectors for any organization dealing with PII (Personal Identifying Information), and can lead to identity impact, financial fraud, or even protected health information (PHI) breaches and Health Insurance Portability and Accountability Act (HIPAA) fines. Why? Because many individuals in the "black market" underground will access, buy, and sell that PII for non-citizens or those who do not have health insurance, who will then use it for their own "services", presenting a fake ID under the same name as the person whose PII your company revealed.
Summary: your liability, or your company's, can reach far further than you could ever imagine. It happens every day in the United States that "Joe" walks up to the urgent care or hospital needing emergency care with someone else's ID/SSN/healthcare insurance information, all for the right price!
Fraudulent emails are easy to design and cheap to send, which gives threat actors incentive to use repeated email attacks. DMARC provides an automated approach to reducing fraudulent email, before it ever reaches an employee’s inbox. In addition, DMARC helps prevent adversaries sending email to your organization or others purportedly from your staff.
HOW DOES DMARC WORK?
DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM), both of which are industry-recognized email authentication techniques. DMARC also provides instructions on how the receiver should handle emails that fail to pass SPF or DKIM authentication. Options include sending the email to quarantine or rejecting it entirely.
DMARC provides the receiver with an email address to provide feedback to the sender.
Potential feedback can include that the sender’s email was rejected/quarantined by the receiver or that a threat actor is attempting to imitate the sender’s domain.
HOW CAN I ADOPT DMARC ON MY DOMAIN?
Savvy organizations that adopt DMARC do so in strategic stages, with feedback loops between IT departments and their staff (depending on the size of the organization of course!). Because DMARC can block third parties delivering mail on the purported sender’s behalf, some intended messages may be flagged as illegitimate in some cases - which is a very small price to pay (risk vs. reward) in cybersecurity honestly.
Below Are A Few Steps Organizations Can Take To Ease Into DMARC Over Time:
1. Deploy DKIM & SPF in reporting-only mode first, listing known authorized email servers (such as vendors and trusted internal/external Partners).
2. Collect and review reports to identify unknown email servers.
3. Work with business units and IT staff to identify servers and determine their legitimacy.
4. Update DMARC policy flags to “quarantine” then to “reject” as confidence increases that most or all legitimate servers have been accounted for.
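The review loop in steps 2 to 4, as an added example that is not code from the original post: it reads one DMARC aggregate report and sorts sending IPs into senders to fix, senders to identify, and mail that enforcement would block. The sample report, its IP addresses and the KNOWN_SENDERS inventory are constructed, and the hold-or-advance rule is an assumption about when confidence is high enough to tighten the policy.

```python
import xml.etree.ElementTree as ET
from collections import Counter

STAGES = ["none", "quarantine", "reject"]

def sample_record(ip, count, dkim, spf):
    """Build one <record> of a constructed sample report."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")

# Constructed sample, trimmed to the elements read below (RFC 7489 report layout).
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>none</p>"
    "</policy_published>"
    + sample_record("192.0.2.10", 120, "pass", "pass")   # listed server, healthy
    + sample_record("198.51.100.7", 40, "fail", "fail")  # listed vendor, misconfigured
    + sample_record("192.0.2.200", 8, "pass", "fail")    # authenticates but not listed
    + sample_record("203.0.113.99", 15, "fail", "fail")  # unknown and unauthenticated
    + "</feedback>")
KNOWN_SENDERS = {"192.0.2.10", "198.51.100.7"}           # hypothetical inventory

def triage(report_xml, known_senders):
    """Sort report sources into the buckets that steps 2-4 act on."""
    # Reports come from outside parties; treat the XML as untrusted input.
    root = ET.fromstring(report_xml)
    policy = (root.findtext("policy_published/p") or "none").strip().lower()
    fix_known, identify, would_block = Counter(), Counter(), Counter()
    for rec in root.iter("record"):
        ip = (rec.findtext("row/source_ip") or "").strip()
        count = int(rec.findtext("row/count") or 0)
        results = {(rec.findtext(f"row/policy_evaluated/{m}") or "").strip().lower()
                   for m in ("dkim", "spf")}
        dmarc_pass = "pass" in results   # DMARC needs only one aligned pass
        if ip in known_senders and not dmarc_pass:
            fix_known[ip] += count       # legitimate mail that enforcement would hit
        elif ip not in known_senders and dmarc_pass:
            identify[ip] += count        # step 3: authenticated mail, unlisted source
        elif ip not in known_senders:
            would_block[ip] += count     # likely spoofing; enforcement stops it
    # Hold the current stage while legitimate or unexplained senders remain.
    hold = bool(fix_known or identify) or policy not in STAGES
    nxt = policy if hold else STAGES[min(STAGES.index(policy) + 1, 2)]
    return {"policy": policy, "fix_known": dict(fix_known),
            "identify": dict(identify), "would_block": dict(would_block),
            "next_policy": nxt}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT, KNOWN_SENDERS).items():
        print(f"{key}: {value}")
```

On the sample, the recommendation stays at "none" because one listed vendor fails authentication and one unlisted source passes it; both need resolving before enforcement.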