@jgamblin

Jul 24

Please Turn On Two Factor Authentication.

About once a month I will get a call from someone who is upset because their account was hacked and wants to know what they can do to stop it from happening in the future.  The truth is enabling two factor authentication (2FA) is one of the best things you can do to make sure your accounts don’t get hacked.  

Here is a list of popular services where you should enable 2FA:

You should also check out twofactorauth.org to see if other accounts you use have the ability.

Jul 16

[video]

Jul 12

Is the data on your phone worth $400?

I have a Samsung S3 that decided it wouldn’t boot on Wednesday.  After talking to the very helpful people at Samsung they decided that they can replace my phone for me but I need to send them my broken phone.

Awesome!

But…

All my data is on my phone. All my email. All my passwords. All my texts. All my pictures. I have backups and I have a password on my phone but I still have to send my phone back to a company who could access it if they wanted to. 

So what is a security professional to do?  Normally I would just wipe my phone and send it in but since that isn’t an option I am stuck with either keeping a $400 brick or possibly exposing my data to Samsung.

I guess I have a $400 brick.

Jul 07

The Missouri Capitol on the 4th.

The Missouri Capitol on the 4th.

Jul 03

Activate “GodMode” in Windows

GodMode is a control panel In (Windows 7 and Windows 8) that brings together all of the customization settings to one place.

To activate “GodMode” do the following:

Step 1: Right click on the desktop

Step 2: Click create folder.

Step 3: Name the new folder: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}  and press enter.

Step 4: The folder changes form a folder icon to a control panel icon.



Step 5: Open the folder and you have your god mode control panel.

Jun 23

How to protect your social media accounts.

Earlier today I was asked to come up with the best way to keep your social media accounts secure.  Here are 5 easy ways to protect your social media accounts:

Update accounts with unique, complex passwords.
Complex passwords will contain a combination of upper and lower case letters, symbols and numbers, and have at least ten characters.

Change your password often.
No matter how complex your password is it is necessary to change it regularly.  Normally I suggest changing your social media passwords two times a year.

Enable Two Factor Authentication.
Google, Facebook and Twitter all offer two factor authentication.  Enabling it allows these services to know that it is you logging into your account and not someone else.

Review apps and add-ons regularly.
Review all apps and add-ons associated with your social media accounts at regular intervals. Remove apps and add-ons you no longer use or post to your social media accounts without your permission.

Log out.
Remember to log out when you are finished using it. It is an easy and highly effective step to protect your account.

Jun 07

The Alton Brown Skirt Steak

I made the Alton Brown Skirt Steak on coals tonight. It was really good but next time I make it I will leave it on another minute to get it medium-rare instead of rare. 

Here are a couple of pictures:

image

image

image

image

image

May 28

The No No Rule

In two weeks I am on a career panel for a group of high school kids interested in technology careers. They sent a list of discussion questions they were going to use to get the conversation started and one of them was:

What does it take to be successful in information technology?

The answer to this question I always give is:

If you want to be successful in information technology and life in general you need to implement the no no rule.

The no no rule is extremely simple:  When asked a question your first response should never be no. 

The two none yes responses I use are:

1) Ask for more information or clarification.
2) Ask for time to research a solution.
 
In a lot of cases (especially in security) after you ask for clarification or time to research the answer may still be no but you will have given the question some real thought and understanding and the person making the request wont feel like you are ignoring them.  A lot of information technology professionals get a bad reputation because they say no to often.

May 26

In Flanders Fields…

My son asked me on Saturday as we were going into the store why an old guy was selling flowers.  It gave me an opportunity to tell him about the “true meaning” of Memorial Day and explain to him that some of our bravest hero’s don’t get to come home.

So today I will be spending sometime thinking about the people who gave everything.

In Flanders fields the poppies blow
      Between the crosses, row on row,
   That mark our place; and in the sky
   The larks, still bravely singing, fly
Scarce heard amid the guns below.

We are the Dead. Short days ago
We lived, felt dawn, saw sunset glow,
   Loved and were loved, and now we lie
         In Flanders fields.

Take up our quarrel with the foe:
To you from failing hands we throw
   The torch; be yours to hold it high.
   If ye break faith with us who die
We shall not sleep, though poppies grow
         In Flanders fields.

                        - John McCrae, May 1915

May 21

[video]

May 20

RandomlyOpenCD.VBS

I got a call from a friend who was sure his PC was hacked because his CD-ROM drive kept randomly opening and closing.  After looking at the machine I found a .vbs file in his appdata folder named RandomlyOpenCD.VBS (surprisingly It randomly opens and closes the CD drive) and nothing else that looked like an APT.

After making a copy of the code, deleting the file and rebooting his PC it was fine and his CD drive was back to a non-hacked state. 

The practical joker in me makes it nearly impossible to not share the code:

Dim smax, smin, rmax, rmin, start, repeat
smax=900000
smin=300000 
rmax=600000 
rmin=100

Set oWMP = CreateObject(“WMPlayer.OCX.7”)
Set colCDROMs = oWMP.cdromCollection

Randomize
start=(Int((smax-smin+1)*Rnd+smin))
wscript.sleep start

do

if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1 
colCDROMS.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1 
colCDROMs.Item(i).Eject
Next
End If

Randomize
repeat=(Int((rmax-rmin+1)*Rnd+rmin))
wscript.sleep repeat

loop

May 16

End of Session 2014

End of Session 2014

May 15

Saying No

Last night I sent an email to a good friend and his boss passing on an amazing career opportunity that paid an ungodly amount of money.

It was basically Scrooge McDuck build a money bin money.

So why didn’t I take it?  After a lot of thinking and discussion with my wife it boiled down to timing and location.

We weren’t crazy about the location. We would have had to relocate to Atlanta. We dont have more than a handful of friends in Atlanta and our nearest relatives would be about 300 miles away.  I dont like grits.

The timing wasn’t great either. My son is getting ready to start Kindergarten next month. My wife has a job that she loves. Our family is a half hour drive away.  We have amazing friends. We love our church. I dont like grits.

Even after that list of cons It was still amazingly hard to say no to a great career opportunity and the possibility of my own money bin.

So why did I?

I remember seeing this quote a few months ago:

“Half of the troubles of this life can be traced to saying yes too quickly and not saying no enough.” - Josh Billings

So I took my time and thought about it.  On Monday I was ready to call a Realtor and put my house and the market. On Tuesday I was trying to figure out if I was going to sound cool with a southern accent.  On Wednesday I woke up and realized it wasn’t the right time to move our family half way across the country.

So yesterday I wrote an email apologizing and declining the position, put in a 16 hour day at my current job and went home and slept like a baby.

It will be hard not owning a Tesla and having a bin full of money to swim around in but I know I made the right choice for my family and hopefully there will be other opportunities like this in the future. 

May 14

Text Bombed

image

This afternoon a “hacker" decided to text bomb my phone with about 1000 text messages asking me to paypal him $100 to stop.

A couple of things:

  1. I don’t negotiate with terrorists. (I always wanted to say that.). 
  2. Part of the text bomb gave me information on how it was happening.

After getting a couple of messages I noticed they were all coming from onlinetextmessage.com.  After looking at their web page I noticed that you could block messages from their site to your phone.

Once I blocked the attack I was interested in how they did it and started to do a little bit of research. 

I am about to give you a link to a script that can do bad things. Please dont do bad things.

With a few well placed Google searches (onlinetextmessage.com sms bomb) I found this pastebin with a two year old perl script in it. I am “researching” here so I had to test out the script myself (against my own phone) and surprisingly it works really well. 

After looking at a couple of other online SMS sending website it appears the reason that onlinetextmessage.com is vulnerable to this abuse is because they dont ask for a capatcha before sending the message.  This would seem to be a pretty easy addition to their code to stop this from happening.  I have sent them a nice email asking this to make these changes. I doubt I ever hear from them.

May 10

Why I Hate My Alarm Clock

Meet the Capello Sleep & Charge Dual Alarm Clock with Night Light sold exclusively by Target.


It works fairly adequate as a:

Why I hate it is this button right here:

This “DST” button is .25” away from the snooze button, .2” away from the source and sleep timer button. 

Why is this a big deal? Because when you accidentally touch the button it magically makes it an hour earlier in my bedroom than in the rest of the world.  For a feature that will save me 30 seconds two times a year they have basically put a self destruct button right on top of their product.

How in the world do products like this make it to the market?