| Message-ID: <E6C175C7-B986-422D-8E27-819E8A6BA6EF@roscom.com>
Date: 13 Aug 2022 00:36:56 -0400
From: "Monty Solomon" <monty@roscom.com>
Subject: The Security Pros and Cons of Using Email Aliases
One way to tame your email inbox is to get in the habit of using
unique email aliases when signing up for new accounts online. Adding a
"+" character after the username portion of your email address –
followed by a notation specific to the site you're signing up at –
lets you create an infinite number of unique email addresses tied to
the same account. Aliases can help users detect breaches and fight
spam. But not all websites allow aliases, and they can complicate
account recovery. Here's a look at the pros and cons of adopting a
unique alias for each website.
https://krebsonsecurity.com/2022/08/the-security-pros-and-cons-of-using-email-aliases/
************************** Moderator's Note **************************
Adding an "alias" to your email user name is an old idea, but as the
story says, it comes with problems that not all users are prepared
for.
The root cause of email spam - and of thefts of username databases -
is that the Internet and the computers that connect to it were
designed by techies.  The problem with technical people (I am one) is
that when we're given a problem to solve, we put on an imaginary set
of horse blinkers and lose sight of everything between the problem and
the solution.
That's usually a good thing: it has made the United States one of the
most productive places for new ideas, and new ways to implement them,
in the world. But, it's a double-edged sword, and this self-imposed
tunnel vision has made it possible for bad actors to exploit the
Internet, and the phone network, for commercial gain: the simple fact
is that those whom designed the Internet and the telephone network did
not anticipate that outsiders would break their rules to make money.
That's where Blue Boxes came from, and spam, and database thefts, and
the "top 100" list of most-often-used passwords, and the myriad other
problems of the modern online world: it was designed by people whose
world-view litterally didn't include the notion of protecting their
work from attacks and manipulation by those seeking easy money and
easy influence and easier ammunition for blackmail and bribery.
Email aliases are too little, and too late, and too complicated.
Instead of playing whack-a-mole, we need to go back to first
principles: get mad, get together, and demand real laws with real
teeth in them that will bite those whom are taking advantage of the
innocense of the Internet's early years.
Bill Horne Message-ID: <F9DF9D82-3B46-4EF3-859C-8F48E5A1EDF2@roscom.com>
Date: 13 Aug 2022 08:24:04 -0400
From: "Monty Solomon" <monty@roscom.com>
Subject: Think You're Too Smart To Be Fooled By A Phisher? Think
 Again.
Think you're too smart to be fooled by a phisher? Think again.
By Dan Goodin
There has been a recent flurry of phishing attacks so surgically
precise and well-executed that they've managed to fool some of the
most aware people working in the cybersecurity industry. On Monday,
Tuesday, and Wednesday, two-factor authentication provider Twilio,
content delivery network Cloudflare, and network equipment maker Cisco
said phishers in possession of phone numbers belonging to employees
and employee family members had tricked their employees into revealing
their credentials. The phishers gained access to internal systems of
Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the
phishers from accessing its systems.
https://arstechnica.com/information-technology/2022/08/im-a-security-reporter-and-got-fooled-by-a-blatant-phish/
************************* Moderator's Note *************************
Don't laugh: it happened to me. I managed to avoid a phishing scan
that /almost/ got me to enter my PayPal password on a site which
turned out to be in Mali, but after I patted myself on the back, I
realized that I had already entered my debit card number before being
"transferred to PayPal to complete the payment." You would not believe
how hard it is to get a debit card cancelled on a Saturday evening!
But, this isn't about a singel near-miss. The problem is that our
entire banking system has been denuded of human interaction and
face-to-face recognition. Passing a forged check to a real person is
very difficult, and it used to be that the only way to do banking
fraud was to convince real people that you were something you were
not. For practical purposes, that used to be "good enough" security.
No money lost (thank Ghod for online cancellation options), but
lesson learned: your greatest security weakness is yourself.
 Message-ID: <20220815164912.GA92520@telecomdigest.us>
Date: Mon, 15 Aug 2022 16:49:12 +0000
From: Telecom Digest Moderator
<telecomdigestsubmissions@remove-this.telecom-digest.org>
Subject: T-Mobile admits capacity issues with Home Internet service
By Matthew Keys
T-Mobile this week announced plans to roll out a version of its
T-Mobile Home Internet product that will expand the availability of
the service to homes where the company's network has reduced capacity.
The product, called T-Mobile Home Internet Lite, will offer fixed
wireless home Internet service on T-Mobiles network, but will come
with a cap on the amount of high-speed data a customer is allowed to
use each month.
https://thedesk.net/2022/08/t-mobile-home-internet-lite-network-capacity/
 |