Fitbit Flex Stepbot POC v.01

At my new job they have a Fitbit step count challenge and if you can clock 40,000 steps in one day you can win a $100 gift card.

The only problem is that there is no way in the world I will ever legitimately get 40,000 steps in one day (The closest I ever came was 25,000 steps one day in London and I was near exhaustion when I made it back to my room).

So if I was ever going to get 40,000 steps in one day I was going to have to cheat. Note: I am not really cheating, I am using a secondary fitbit account for this. 

Let me introduce you to Stepbot POC v.01:

With a $10 remote control car and some electrical tape I can now average 120 steps a minute (172,800 a day) from the comfort of my desk chair.


The future plans for the Stepbot include

  • Stepper Motor and Stand.
  • Raspberry Pi Integration.
  • Software to control steps per minute with a web interface.

What Working In Politics Has Taught Me About InfoSec

As I get ready to wrap up 9 years running network security for the Missouri House tomorrow I thought it would be a good time to do one of those blog posts where I sum up what I learned in a nice neat package.

So here are 5 things working in politics has taught me about infoSec (and life):

You can’t win every battle.
If you try to win every battle you won’t win any.  You have to pick the battles that are important to you and focus on winning those.

Favors are the most valuable thing in the world.
The most valuable thing in the world you can have is to have someone feel indebted to you.  You never know when you have to cash it in but it is always nice to know someone has your back when you really need it.

You can’t unsay things.
A politician can ruin their career by saying careless things without checking the facts or knowing their audience.  So can you.  

To have a successful project find people who care about your cause.
The first step to having a successful project is to find other people who are impassioned about the same thing.  If you can’t find those people your project will likely fail.

It isn’t personal.
If someone doesn’t think the same way you do on an issue, it doesn’t mean that they don’t like you (or that they are an idiot).  If you treat everyone who has a difference of opinion from you as an enemy it quickly becomes you versus the world.

iOS 8 Allows Siri To Bypass Your Lock Screen

By default iOS 8 allows Siri to bypass your iPhone’s lock screen and reply to messages.  You should disable it.  Here is how:

Go to Settings

Go to Touch ID & Passcode

Turn off everything in “Allow Access When Locked”.


10 Books That Influenced My Life


I was challenged by my friend on Facebook to name 10 books that influenced my life.  I figured if I was going to put together a list I might as well put it on my blog.

So here are the 10 books in alphabetical order that have influenced my life:

48 Laws of Power
I read this book 4 or 5 years ago and decided that if this is what it took to be successful I didn’t want to be.  I would rather be a nice guy and be “unsuccessful” than base my life on this book.

Augustus: The Life of Rome’s First Emperor
You didn’t think I could make a list of my favorite books and not include one on Roman history did you? Augustus found Rome made of clay and left it made of marble. As Rome’s first emperor, Augustus transformed the unruly Republic into the world’s greatest empire and laid the foundation for all of Western history to follow.

Maniac Magee
I read this book when I was in 5th grade and having a hard time fitting in.  It really made a huge difference in my outlook on life. I still love this book.

Mere Christianity
I first read this book when I was teetering on unbelief.  I’ve reread it many times since but that first read through was life altering.

Paddington Bear
I bought this book for my son when I was in London. He and I like to read it and laugh at Paddington. This book will always be special to me.

The Outsiders
I read this book in 8th grade English. It is one of the best books I have read about class warfare and about how we all really just want to fit in.

The Pursuit of Happyness
A great story about how a man can drastically change his life if he never gives up. One of the most inspirational stories I’ve ever read.

Titan
Titan is a biography of John D. Rockefeller, the founder of Standard Oil and the world’s first billionaire. At its core it is about work ethic and about taking what you have and making something out of it without anyone’s help.

To Kill A Mocking Bird
To quote Homer Simpson ‘To Kill a Mockingbird’ gave me no useful advice on killing mockingbirds but it did teach me not to judge a man based on the color of his skin.

You are not so smart
This book is a fun read. It talks about 48 things we do that don’t make any sense. After reading this book I started catching myself making a lot of irrational decisions on a daily basis.

44CON 2014 Recap

I just returned from a week in London for the 4th annual 44CON.  I had an amazing time hosting a quiz, being on a panel and giving a talk.


44CON is one of the best-run conferences that I attend. Adrian and Steve both really care about the conference and about it being entertaining and educational for the attendees.  44CON (like Derbycon) has figured out how to make the conference feel like a meeting of old friends and not a sales pitch or exhibitor expo.

My friend Dan Raywood has a bunch of good write ups on his IT Security Guru site about some of the talks.  You will want to check out his stories about running Doom on a hacked printer and wiping data from Android tablets.

Some other highlights were the converted red bus bar, the amazing DJ they had on Thursday night, and the badges.

As you are thinking about your training budget next year make sure you include a trip to London in September!

A couple of photos from around London.

How To Disable Auto-Play In Facebook

If you are on a limited data plan you should turn off Facebook Auto-play to help preserve your data. There have been a few stories this week about it causing huge data bills.

Here is how to do so in iOS:

Click the Settings Icon.

Find the Facebook Settings.

Click Settings.

Click Auto-Play.

Choose Off (or WiFi Only).

On Android you will find the auto-play settings within the Facebook app itself. Tap the menu button and then choose settings.

Applying Kindergarten Rules To Security Professionals

My son came home from his first full week of Kindergarten this week with a list of “learning targets” that lined up amazingly well with what we should be doing as security professionals.

I can use pictures to predict story content.
Being able to understand what is going on if we only have half the information is an invaluable skill for security professionals.

I can listen and follow directions.
Do you follow your company’s own security policies or have you exempted yourself from them because you are special?

I can use an appropriate voice level.
Have you mastered when a security incident is a real emergency worth yelling about and when it is OK to wait to talk about it?

I can say the name of my classmates.
Can you name 90% of the people who work in your building (or for your company)?

I can have fun while learning.
Is your job still fun? 


An Honest Message from Your Security Guy.

This morning I read “An Honest Message from Your IT Guy” and was kind of amused and disappointed and thought I should pen “An Honest Message from Your Security Guy” as a rebuttal.

I am here to help.
Seriously.  I know the average IT guy can come across as a jerk but I work really hard to be a nice guy.  If it wasn’t for you I would be selling insurance to over the road exotic animal movers.

Please don’t lie to me. 
To paraphrase Jay-Z: “Men lie, women lie, logs don’t.”

While you swear you never visit “OfficeSupplies.XXX” we log all the traffic that leaves the network and I know for a fact you have a thing for Swingline heavy duty staplers.   It is cool… I am not here to judge but when your PC gets a virus and I have to come fix it and you have deleted your browsing history and tell me you were reading up on ancient Roman birthday cakes it makes my job a little harder.

No. I don’t trust you.
I have done this job for over 10 years and I don’t think anyone has actually ever told me the truth when I asked what they were doing when their PC was infected.

No. I don’t trust you.
You cannot be a local admin on your PC.  Doing so puts us both at a risk we don’t need.   I don’t even have admin rights on my PC.

No. I don’t trust the IT guys.
Don’t feel bad.  I really don’t trust the IT guys. 50% of my job is to “Watch the Watchers” and they try to get away with more stuff than you do.

Yes, I think those password requirements are ridiculous, too.
Our password policy should be much stronger because when (not if) our passwords get hacked I prefer it to take more processing power than your average 7th grader has available to crack them.

I am here to help.
Above all my job is to help you do your job securely. If you have a question or a problem I am here to help you.

Facebook Messenger is not spying on you.

Over the last couple of days I have seen a bunch of people post a link to this blog post about how the new Facebook Messenger “crosses the line” when it comes to the permissions it asks for.

Yes, the Facebook Messenger app requests these permissions:

  • Change the state of network connectivity
  • Call phone numbers and send SMS messages
  • Record audio, and take pictures and videos, at any time
  • Read your phone’s call log, including info about incoming and outgoing calls
  • Read your contact data, including who you call and email and how often
  • Read personal profile information stored on your device
  • Access the phone features of the device, like your phone number and device ID
  • Get a list of accounts known by the phone, or other apps you use.

There are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera so that you can take and send pictures. It needs to access your microphone so that you can use the app to make free phone calls. Etc.

These kinds of sweeping permissions are also extremely common in Android because of the “open” nature of the OS. Even the most vanilla apps collect extraordinary amounts of personal data.  Most weather apps keep a detailed GPS log of everywhere you have been in order to display the local weather (law enforcement agents really like this feature).

My advice to you is don’t freak out and delete Facebook Messenger; instead, audit the rights on your Android using a tool similar to Permission Explorer and remove the rights that you think “cross the line”.

If you are still worried about it you should buy an iPhone. The iPhone security is much more locked down than Android.
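As an added example (not from the original post), here is one way to do the audit the post recommends from an app’s AndroidManifest.xml: it parses the declared permissions and groups them under the human-readable categories quoted above. The mapping from those descriptions to android.permission.* constants, the category names and the sample manifest are my own assumptions, not Messenger’s real manifest.

```python
# Added example (not from the original post): audit which of the permission
# categories quoted above an Android app actually requests, from its manifest.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the post's human-readable descriptions to
# android.permission.* constants (Google Play groups them slightly differently).
CATEGORIES = {
    "Change the state of network connectivity": {"android.permission.CHANGE_NETWORK_STATE"},
    "Call phone numbers and send SMS messages": {"android.permission.CALL_PHONE",
                                                 "android.permission.SEND_SMS"},
    "Record audio, take pictures and videos": {"android.permission.RECORD_AUDIO",
                                               "android.permission.CAMERA"},
    "Read your phone's call log": {"android.permission.READ_CALL_LOG"},
    "Read your contact data": {"android.permission.READ_CONTACTS"},
    "Access phone number and device ID": {"android.permission.READ_PHONE_STATE"},
    "Get a list of accounts known by the phone": {"android.permission.GET_ACCOUNTS"},
}

# Constructed sample manifest for a hypothetical messaging app, not Messenger's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chatapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def audit(manifest_xml):
    """Map each sensitive category to the permissions the app really asks for."""
    requested = requested_permissions(manifest_xml)
    hits = {cat: sorted(perms & requested) for cat, perms in CATEGORIES.items()}
    return {cat: perms for cat, perms in hits.items() if perms}


if __name__ == "__main__":
    for category, perms in audit(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(perms)}")
```

Run it against a manifest pulled from an APK you are about to install; a category that appears in the output with no obvious feature behind it is the one worth questioning.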
