Stein Solutions

07/27/2025

This just goes to show you when it comes to greed and criminal behavior, people will go to lengths you can't even imagine until you read about it.

North Korea made millions from the scheme.

06/30/2025

Breaches occur all the time and it's a bad look for the CISO of the company who expects to be fired (a scapegoat is needed) and that CISO gets a better paying job -- not that he is unqualified but because that's how the carousel of CISOs work. It's understood you will be employed and receive bonuses until a breach, no matter whose fault it is and how unavoidable it was. Additionally, they are expected to reduce headcount because of AI -- a mistake but profits and the shareholders always trump over anything else. IMO. I learned this from a highly regard CISO at a conference where he described to the audience how this is normal and how his genius friends all accept that as normal. Thus I expect a change in Krispy Kreme CISO in the next few months. Thoughts?

Krispy Kreme is warning tens of thousands of Americans that they are now at risk of identity theft and fraud following a major cybersecurity incident.

06/30/2025

On this page I have recently slowed down posting my know-how that I feel does not get print in security blogs, linkedin, etc. My focus is elderly people (50s - 100s) getting scammed and needing to understand basics - I try to teach in a simple way that goes against the grain of what they (and many other younger readers) think, namely the myth that your PC, Mac, iPad, iPhone, Android phone is safe. Or about the scams very well documented on the AARP site.
Examples:
1. 95% of extensions you will install are now or in the next few years will be unsafe, not 1/10 of 1%.
2. Same for apps from the Microsoft Store.
3. Just say "NO" to everything. You won't miss out on anything and will be a lot safer - (Nancy Reagan).
4. Bad guys will always be one to two steps ahead of the good guys.
5. Your antivirus is not the weakest link on your computer. Why? Because 50% of all viruses out there today have not even been discovered yet by *ALL* (repeat *ALL*) antiviruses combined.
6. It is easy for the bad guys to write malware.
7. Companies don't care if they have a breach. They expect it. They understand it's not a matter of if, but when. Home consumers don't matter -- revenues come from selling software and services to profitable companies who take security seriously and don't overwork and underpay their security staff. When the breach happens, they report it and let you know the damage and next steps. But don't expect this from companies outside the Fortune 500 -- the lesser profitable companies and startups are usually security illiterate and sell to home users who download their apps that eventually gets breached/infiltrated and pushed out to you with the latest wonderful technology that silently pushed updates to users daily, weekly, etc. - almost impossible to stop a breached product/app. What must you do: self-educate, learn, learn, learn. "Assume the worst because it's even worse than that!"

Now here is a site that posts many recent articles that the editor thinks are relevant. How do I decide if this site is useful for me or you? I read/skim all the articles because I understand them. I ask myself "does this have relevance to the over-1000 humans I have helped in the last 12 years or what I learned when I managed 125 computers in a law firm and discovered over 150 new viruses in less than five years and got most of my gray hairs)." If the answer is yes, I will take note. If the entire page has 1/2 of it's articles with impactful relevance, I will share that with you. If there is only one article, I will share the one article with you.

As you read this, remember: the goal is to self-educate with ways a good mentor deems effective. Many companies or books offer training with the goal of profit in mind. I do this as a ministry to take my God-given skills and share with people who can't afford it (I still charge moderately because I just can't afford to do otherwise).

Now here is an exercise for you before you read the link articles below. Take this entire message and past it as a prompt to chatgpt or Gemini (I have no idea what it will say)...
***************
PROMPT: recently, a so-called security expert Harry Stein posted the following and on a scale of 1-10 where 1 he is an idiot and 10 he knows what he talking about, how would you rate him. No comments. Just a bottom-line rating. I will ask for comments afterwards.

Here is what he said:
[paste everything above the ******** line here]

I did this and my score was 9! I did not ask chatGPT to change my tone or grammar. I did not go back and read what I said. It's raw.

Thoughts?

Here is the shareable link and below is the blog site I am going to investigate this evening.

https://chatgpt.com/share/6862143c-1b4c-8004-941d-78c85e6f1495

https://dailyhodl.com/scams-hacks-breaches/

Shared via ChatGPT

06/30/2025

Using a browser, any browser, requires training in how not to get socially engineered. The bad buys have many interesting ways of getting their malware onto your computer. Train yourself by reading this article and use AI (for example, chatGPT, Gemini, Gronk) and ask it what "such and such" means for any sentence you don't quite understand. You will self-educate immeasurably applying this process. And remember: no matter how bad you think things are out there, they are 10x-1000x worse (I want to say 1000x but it will sound like I am exaggerating but I have lived and experienced 100s of these issues).

Comment here what you take away as the top 3 points. Don't be shy.

Google’s OAuth link is being weaponized to launch dynamic attacks

04/12/2025

As a bona fide security expert I have held CISA in the lowest regard. For example, last year the did a "RFC" (request for comments) on what they should provide in a statement of guidelines for security so as to reduce everyone's risk - a home user, a small business, a corporation. I was stunned at how poorly this was gathered, the quality of the comments, what was glaringly missing, and what the final guideline looked like. Of course I was looking at it *after* the fact - but had I seen the RFC I would not have bothered submitting all my suggestions because I already had the lowest respect for CISA after years of looking at their web site. Note this is just my opinion -- I am rather cynical about how corporate America handles security and I mentor my clients the "Stein Way". Anyway, it got worse when their director Christopher Krebs (no relation as far as I know to my hero Brian Krebs) hired by Joe Biden, did what he did to screw up Donald Trump. So, last week President Trump revoked his security privilege (Yah baby!) and President Trump is investigating how Krebs did his deeds ... here is the statement released by the Whitehouse. Worth reading.

https://www.whitehouse.gov/presidential-actions/2025/04/addressing-risks-from-chris-krebs-and-government-censorship/

Let me just add, that one of Chris Krebs cronies, an key person in Homeland Security by the name of Miles Taylor said this:

[quote]
"The dilemma — which he does not fully grasp — is that many of the senior officials in his own administration are working diligently from within to frustrate parts of his agenda and his worst inclinations.

I would know. I am one of them.

To be clear, ours is not the popular “resistance” of the left. We want the administration to succeed and think that many of its policies have already made America safer and more prosperous.

But we believe our first duty is to this country, and the president continues to act in a manner that is detrimental to the health of our republic."

https://www.nytimes.com/2018/09/05/opinion/trump-white-house-anonymous-resistance.html
[end-quote]

Of course CNN is honoring Taylor and Taylor/Krebs have yet to realize what Krebs facilitated and the attitude he and Taylor had per the above quote, is treason! Plain and simple. Don't let Rachel Madow or anyone else spin it any other way -- they will never mention the Taylor quote and what Krebs did with regarding to censoring factual news important for conservative and independent voters to know (Biden laptop, etc., etc. - just read the presser).

https://www.whitehouse.gov/presidential-actions/2025/04/addressing-risks-from-chris-krebs-and-government-censorship/

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES The Federal Government has a constitutional duty and a moral responsibility to respect and

03/14/2025

I updated my LinkedIn resume with an experience. Apologies for being so cynical.
**********************************
Two week contract for a client who presented two Dell computers that imploded during a Microsoft Windows 11 Pro 23H2 to 24H2 update. The Hello pin stopped working and no workaround and a clean installation was required. The client is now imaging their computers and creating built-in local accounts but those accounts would not have helped a rather ugly issue that is one of these where Dell will point to Microsoft and Microsoft will point to Dell. This one we'll never know but if I were a betting man, I would speculate it is mostly on Dell. We still haven't got a response from their escalation engineer and don't expect to. What are you all hiding this week from your customers? Be careful, they may hire me to point a finger at you. With me, you can run, but you cannot hide. You will be Stein'd! I am a free bird no longer having to grovel and work for corporate America where KPIs and bad service trumps proper root-cause-analysis and modelling the Phil Cosby approach to Zero Defects. Meanwhile, I continue to dream about whistleblowing a company whose security practices threaten our national security but Krebs, the FBI, and other orgs ignore me. Which is just as well -- look what Facebook is doing to the lady who was a key employee there and foolishly signed a severance agreement 8 years ago with Facebook and tried to secretly publish what's going on there (you'll find the podcast on The Free Press). The risks for whistleblowing are absurd in this country. Shame on you all! Did anyone see Hawley grill the corrupt CEO of Boeing? Unbelievable. Thank God I am a Christian and know that Jesus and justice and His judgement always prevails!

Windows 11 24H2 Upgrade Killed PIN Login, Entra ID Mess – Anyone Else? We have two different Dell computers that experienced the exact same failure after Windows 11 24H2 was forced upon them in a s...

02/26/2025

Facebook constantly puts out click-bait ads and everyone is annoyed with them. I posted this explanation a bit ago on an ad from "Kindness Matters" saying Howie Mandel died today (false).
*******************************************************************

READ THIS! 🙂
Someone asked: *“Why does Meta allow fake stories/information like this?”

Feel free to **copy/paste this message** to help educate others. This is my opinion as a **security and digital forensics expert**:

🔹 Facebook/Meta likely allows these fake news ads as part of an internal experiment** on clickbait engagement and security testing.
- They might be tracking **(1) how many people click, (2) how many recognize the obvious date manipulation (2025 over 2024), and (3) whether their security tools can intercept malicious links.**
- Companies like **Proofpoint** perhaps already do this—running suspicious pages clicked on in emails in a virtual machine (VM) before allowing full access to the recipient.
🔹 This could be a security-driven approach, ensuring ads don’t lead to malware, scareware, or browser hijackers.
- If true, it’s a smart move.
- However, if Meta is knowingly allowing malicious clickbait to reach users, that is *unconscionable.*
🔹 Ever notice these ads always appear near the top of your newsfeed and seem impossible to block?
- That’s likely by design.
- Some of these links go to *harmless sites*, while others redirect to *dangerous ones.* We’ll never know how much Meta filters.
🔹 Reporting these ads is deliberately difficult.**
- There’s no “report clickbait” option** when you report them—only vague choices that don’t match the issue.
- That’s no accident IMO.
🔹 What can you do?
- Stay aware. If a post seems too shocking to be true, it probably is.
- Spread awareness. Meta profits from engagement, even if it’s misinformation.
- Follow my page for real security insights:
👉 [https://www.facebook.com/steinsolutions](https://www.facebook.com/steinsolutions)
💡 I'm not looking for business per se (other than complex troubleshooting) —just trying to educate people. Stay safe out there.

Blessings, Harry

02/03/2025

First it was the NSO group and now Paragon, both with zero-click (no click of a link necessary to infect the device) spyware. In the case of Paragon, the WhatsApp message would contain an attachment PDF and I am assuming just receiving the attachment triggered the spyware by way of WhatsApp having to read the PDF to verify it was not an issue -- and the PDF was designed to take advantage of a security deficiency (vulnerability) in the WhatsApp application or the device it is running on. Two links... the article about the Paragon spyware itself and a general article about zero-click so you can better understand. Remember: 50% of security is education!
https://www.theguardian.com/technology/2025/jan/31/whatsapp-israel-spyware
https://www.kaspersky.com/resource-center/definitions/what-is-zero-click-malware

Zero-click spyware is a malicious hack that requires no interaction from the user. Zero-click vulnerabilities, how does a zero-click attack work & how to protect yourself.

01/19/2025

I enjoy reading the CISA web site. The recently published a Bad Software Practices document for software developers and they are trying to get people to understand and pledge to try to do the actionable items in a 9-page document linked below which is the result of incorporating 78 public comments - I haven't been able to find these. The document was a quick read. It strikes me as being simplistic and minimalistic but anything is better than nothing -- SQL injection, stronger passwords, don't publish "secrets" (passwords) in source code, carefully choose and scrutinize open source. The most challenging item, to me, is how to get a voice out there. It's impossible. I have screamed and cried with ultra-important information only for it to fall on deaf ears. I am connected to a few important people but it helps this much: ZERO. I remain persistent, exhausted, and often feel defeated but I understand corporate America reaps what they sow. They never want to look at their empty heart for security practices. They instead focus on profits, KPIs, and producing mediocrity in areas of security - no problem if a breach happens: we have the staff to minimize the damage, show how we call in the troops (for example, the Microsoft Security consultants) to understand exactly what happened, and produce a report. Meanwhile, business as usual. Put pressure on CSOs to reduce staff by using more AI, discriminate against aging professionals who are smarter than all of your staff but "slower" and would even work for a pittance, and politics as usual. I can write a book about what is wrong and what can be done but I'm having too much fun doing what corporate America doesn't do: studying 100s (over 1000) real-world home users, small businesses under siege by criminals in the most complex and unimaginable ways and remaining two steps ahead of the good guys. I write deep-dive best of breed white papers for myself only, I advance custom DFIR tools using methods that only a craftsperson can do but are teachable if anyone would listen. And I do not lament too much and try to stay positive thanks to my Lord and Savior, Jesus Christ. The article is here and the same information is downloadable in a PDF. Have a blessed New Year!

This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs).

12/08/2024

No surprises here for me but good and STARTLING for (most of you) to read.

https://www.tomshardware.com/tech-industry/cyber-security/o-mg-usb-c-cable-ct-scan-reveals-sinister-active-electronics-contains-a-hidden-antenna-and-another-die-embedded-in-the-microcontroller

One of my clients purchased a refurbished desktop computer 2 yrs ago from one of the largest refurb resellers on eBay. He had some network issues and called me and I remoted in and determined the little 802 wifi transceiver plugged into a USB port was causing issues. The part wasn't necessary as the desktop already had a built-in wifi. But the reseller found it cheaper to just put one in every desktop vs. trying to create a process to determine if it really needed it or not. It's understandable as I identified the part as a $1.00 part from China. The Wifi behavior was very suspicious (details omitted) and I asked my friend to ship to me. I still have it.

But one of my expert security friends who has a small hardware company (20 employees) and has wifi hardware expertise was not interested in helping to reverse engineer it. Too busy with for-profit-products. I am so used to everyone rejecting every important potential issue I have discovered that I basically have just given up.

Corporations have to make a living and rather than worry about helping with volunteering experts in the community with submitted security projects they (mostly) decline. I think Google and Microsoft are an exception. The FBI declines almost everything unless there is $1/2M or more involved. Etc., etc.

So pretty good chance the eBay reseller is pushing out several thousand desktops per year spying on people with the $1 part. This, my friends is normal and why nothing should surprise you. Every company and every computer is A BREACH WAITING TO HAPPEN. China has an advantage: the researchers are required to work in a community out of loyalty and the companies they work at are not as profit driven as USA companies. Still, we Americans prefer our freedom so it becomes very challenging and very difficult to fight cybercrime. We will see what ideas President Trump has with help from many security savvy cronies (I hope!)

For now, we as a nation should be grateful for all the people doing a great job with breaking such stories like Brian Krebs, Bleeping Computers, Forbes, etc., etc. I enjoy keeping up with it. Thank you all for your time reading this message and Praise The Lord and Merry Christmas!!!!!!

Harry

A small package with a huge malicious potential.

12/05/2024

Customer texted me this letter. 100% scam. Very well done site.

Legit: https://www.mass.gov/news/massdot-alerts-customers-of-ezdrivema-scam
Fake: www.paybyplatema.com

Fortunately "D" (client) applied my rule "Scam 99.9% of the time and JUST SAY NO!"

11/03/2024

I am not a fan of a NAS for a home user. I understand it's benefits but in the end, it will be high maintenance in terms of keeping it up to date and most of my clients are not qualified to do this.

Without updates, a (for example) Synology NAS can become vulnerable to malware, ransomware, and unauthorized access, posing risks to both data security and device stability. Unpatched software may allow malware infections or botnet attacks that can spread to other devices on the network. No updates risks NOT preventing data corruption, unexpected crashes, and performance issues, which can otherwise compromise data integrity. Compatibility with new devices and apps can become problematic. Backup and recovery processes may experience data loss you don't even know about without checking logs and such. Everything is high maintenance for the home user or SMB -- this is due to the complexity of software and "programming in the large". You can call me for my preferred choices for network sharing or backups (hint: OneDrive or SharePoint although each of their own level of maintenance as well).

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.