Fitbit Flex Stepbot POC v.01
At my new job they have a Fitbit step count challenge and if you can clock 40,000 steps in one day you can win a $100 gift card.
The only problem is that there is no way in the world I will ever legitimately get 40,000 steps in one day (The closest I ever came was 25,000 steps one day in London and I was near exhaustion when I made it back to my room).
So if I was ever going to get 40,000 steps in one day I was going to have to cheat. Note: I am not really cheating, I am using a secondary Fitbit account for this.
Let me introduce you to Stepbot POC v.01:
With a $10 remote control car and some electrical tape I can now average 120 steps a minute (172,800 a day) from the comfort of my desk chair.
The future plans for the Stepbot include:
- Stepper Motor and Stand.
- Raspberry Pi Integration.
- Software to control steps per minute with web interface.
What Working In Politics Has Taught Me About InfoSec
As I get ready to wrap up 9 years running network security for the Missouri House tomorrow I thought it would be a good time to do one of those blog posts where I sum up what I learned in a nice neat package.
So here are 5 things working in politics has taught me about infoSec (and life):
You can’t win every battle.
If you try to win every battle you won’t win any. You have to pick the battles that are important to you and focus on winning those.
Favors are the most valuable thing in the world.
The most valuable thing in the world you can have is to have someone feel indebted to you. You never know when you have to cash it in but it is always nice to know someone has your back when you really need it.
You can’t unsay things.
A politician can ruin their career by saying careless things without checking the facts or knowing their audience. So can you.
To have a successful project find people who care about your cause.
The first step to having a successful project is to find other people who are impassioned about the same thing. If you can’t find those people your project will likely fail.
It isn’t personal.
If someone doesn’t think the same way you do on an issue, it doesn’t mean that they don’t like you (or that they are an idiot). If you treat everyone who has a difference of opinion from you as an enemy it quickly becomes you versus the world.
iOS 8 Allows Siri To Bypass Your Lock Screen
By default, iOS 8 allows Siri to bypass your iPhone’s lock screen and reply to messages. You should disable it. Here is how:
Go to Settings
Go to Touch ID & Passcode
Turn off everything in “Allow Access When Locked”.
10 Books That Influenced My Life
I was challenged by my friend on Facebook to name 10 books that influenced my life. I figured if I was going to put together a list I might as well put it on my blog.
So here are the 10 books in alphabetical order that have influenced my life:
48 Laws of Power
I read this book 4 or 5 years ago and decided that if this is what it took to be successful I didn’t want to be. I would rather be a nice guy and be “unsuccessful” than to base my life on this book.
Augustus: The Life of Rome’s First Emperor
You didn’t think I could make a list of my favorite books and not include one on Roman history did you? Augustus found Rome made of clay and left it made of marble. As Rome’s first emperor, Augustus transformed the unruly Republic into the greatest empire the world and laid the foundation for all of Western history to follow.
I read this book when I was in 5th grade and having a hard time fitting in. It really made a huge difference in the outlook in my life. I still love this book.
I first read this book when I was teetering on unbelief. I’ve reread it many times since but that first read through was life altering.
I bought this book for my son when I was in London. He and I like to read it and laugh at Paddington. This book will always be special to me.
I read this book in 8th grade English. It is one of the best books I have read about class warfare and about how we all really just want to fit in.
The Pursuit of Happyness
A great story about how a man can drastically change his life if he never gives up. One of the most inspirational stories I’ve ever read.
Titan is a biography of John D. Rockefeller, the founder of Standard Oil and the world’s first billionaire. At its core it is about work ethic and about taking what you have and making something out of it without anyone’s help.
To Kill a Mockingbird
To quote Homer Simpson, ‘To Kill a Mockingbird’ gave me no useful advice on killing mockingbirds but it did teach me not to judge a man based on the color of his skin.
You Are Not So Smart
This book is a fun read. It talks about 48 things we do that don’t make any sense. After reading this book I started catching myself making a lot of irrational decisions on a daily basis.
44CON 2014 Recap
44CON is one of the best-run conferences that I attend. Adrian and Steve both really care about the conference and it being entertaining and educational for the attendees. 44CON (like Derbycon) has figured out how to make the conference feel like a meeting of old friends and not a sales pitch or exhibitor expo.
My friend Dan Raywood has a bunch of good write ups on his IT Security Guru site about some of the talks. You will want to check out his stories about running Doom on a hacked printer and wiping data from Android tablets.
Some other highlights were the converted red bus bar:
the amazing DJ they had on Thursday night:
and the badges:
As you are thinking about your training budget next year make sure you include a trip to London in September!
How To Disable Auto-Play In Facebook
If you are on a limited data plan you should turn off Facebook Auto-play to help preserve your data. There have been a few stories this week about it causing huge data bills.
Here is how to do so in iOS:
Click the Settings Icon.
Find the Facebook Settings.
Choose Off (Or WiFi Only).
On Android you will find the auto-play settings within the Facebook app itself. Tap the menu button and then choose Settings.
Applying Kindergarten Rules To Security Professionals
My son came home from his first full week of Kindergarten this week and had a list of “learning targets” that lined up amazingly well with what we should be doing as security professionals.
I can use pictures to predict story content.
Being able to understand what is going on if we only have half the information is an invaluable skill for security professionals.
I can listen and follow directions.
Do you follow your company’s own security policies or have you exempted yourself from them because you are special?
I can use an appropriate voice level.
Have you mastered when a security incident is a real emergency and is worth yelling about and when it is OK to wait to talk about it?
I can say the name of my classmates.
Can you name 90% of the people who work in your building (or for your company)?
I can have fun while learning.
Is your job still fun?
An Honest Message from Your Security Guy.
This morning I read “An Honest Message from Your IT Guy” and was kind of amused and disappointed and thought I should pen “An Honest Message from Your Security Guy” as a rebuttal.
I am here to help.
Seriously. I know the average IT guy can come across as a jerk but I work really hard to be a nice guy. If it wasn’t for you I would be selling insurance to over the road exotic animal movers.
Please don’t lie to me.
To paraphrase Jay-Z: “Men lie, women lie, logs don’t.”
While you swear you never visit “OfficeSupplies.XXX” we log all the traffic that leaves the network and I know for a fact you have a thing for Swingline heavy duty staplers. It is cool… I am not here to judge but when your PC gets a virus and I have to come fix it and you have deleted your browsing history and tell me you were reading up on ancient Roman birthday cakes it makes my job a little harder.
No. I don’t trust you.
I have done this job for over 10 years and I don’t think anyone has actually ever told me the truth when I asked what they were doing when their PC was infected.
No. I don’t trust you.
You cannot be a local admin on your PC. Doing so puts us both at a risk we don’t need. I don’t even have admin rights on my PC.
No. I don’t trust the IT guys.
Don’t feel bad. I really don’t trust the IT guys. 50% of my job is to “Watch the Watchers” and they try to get away with more stuff than you do.
Yes, I think those password requirements are ridiculous, too.
Our password policy should be much stronger because when (not if) our passwords get hacked I prefer it to take more processing power than your average 7th grader has available to crack them.
I am here to help.
Above all my job is to help you do your job securely. If you have a question or a problem I am here to help you.
Facebook Messenger is not spying on you.
Over the last couple of days I have seen a bunch of people post a link to this blog post about how the new Facebook Messenger “crosses the line” when it comes to the permissions it asks for.
Yes, the Facebook Messenger app requests these permissions:
- Change the state of network connectivity
- Call phone numbers and send SMS messages
- Record audio, and take pictures and videos, at any time
- Read your phone’s call log, including info about incoming and outgoing calls
- Read your contact data, including who you call and email and how often
- Read personal profile information stored on your device
- Access the phone features of the device, like your phone number and device ID
- Get a list of accounts known by the phone, or other apps you use.
There are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera so that you can take and send pictures. It needs to access your microphone so that you can use the app to make free phone calls. Etc.
These kinds of sweeping permissions are also extremely common in Android because of the “open” nature of the OS. Even the most vanilla apps collect extraordinary amounts of personal data. Most weather apps keep a detailed GPS log of everywhere you have been in order to display the local weather (law enforcement agents really like this feature).
My advice to you is to not freak out and delete Facebook Messenger, and to audit the rights on your Android using a tool similar to Permission Explorer, removing rights that you think “cross the line”.
If you are still worried about it you should buy an iPhone. The iPhone security is much more locked down than Android.
Walmart Savings Catcher
If you do your grocery shopping at Walmart like I do you will want to start using the Walmart Savings Catcher program.
It is extremely easy to use:
On my first time using it I saved $2.35. I am guessing I will save close to $150 a year using this program that I normally wouldn’t have.
For the last year my doctors have been worried about my moderately high blood pressure. A few weeks ago after a bad migraine attack and a huge spike in my blood pressure my doctor decided to put me on blood pressure medicine to lower it.
I have made these handy charts of my average energy level before and after I started taking the blood pressure medicine.
The good news is my blood pressure is in a normal range and I am not going to have a stroke. The bad news is I feel like a 70-year-old man and am ready for bed at about 8.
I wonder if this is what normal people feel like all the time?
Please Turn On Two Factor Authentication.
About once a month I will get a call from someone who is upset because their account was hacked and wants to know what they can do to stop it from happening in the future. The truth is enabling two factor authentication (2FA) is one of the best things you can do to make sure your accounts don’t get hacked.
Here is a list of popular services where you should enable 2FA:
- Google/Gmail: Google’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with the Google Authenticator app for Android, iOS, and BlackBerry. You can save each machine for 30 days. You can enable it here.
- Facebook: Facebook’s two-factor authentication, called “Login Approvals,” sends you a 6-digit code via text message when you attempt to log in from a new machine. It also works with apps like Google Authenticator for Android, iOS, and BlackBerry, as well as the “Code Generator” feature of the Facebook app. You can also authorize a new machine from Facebook.com on a saved machine if you don’t have your phone handy. You can enable it here.
- Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine. You can enable it here.
- Twitter: Twitter’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.
- Dropbox: Dropbox’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. You can enable it here.
- PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can read more about it and enable it here.
- Microsoft Accounts: Microsoft’s two-factor authentication sends you a 7-digit code via text message or email when you attempt to log in from a new machine, though it also works with a number of authenticator apps. You can enable it here.
- Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.
- LinkedIn: LinkedIn’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.
You should also check out twofactorauth.org to see if other accounts you use have the ability.
How to shuck corn like a man.