Tag: virus

What If?

What If?

Every day someone finds something.  This day was no exception.  The more creative the attack the more interesting the day.  If you call that number they try to get you to give them $199.00 to unlock your computer.

You can send me some money if you like but, here is the fix for this…

CTL ALT DEL , task manager, kill the process, aka browser and then do not restore the page when you reload the browser.

I am not affiliated with CCleaner but I sell a heck of a lot of it for them.  Install it and let it clean your browser after every use.  $25 a year and damn well worth it!

As one might use an explicative to emphasize a point, I often use a somewhat tawdry analogy for this purpose.  Surfing the web with inadequate anti-virus software is like “hooking up with a stranger” without using protection.   Not only is it idiotic, but dangerous!

Having been in Data Processing, or the IT business since before Steve Jobs or Bill Gates was a household name, I know a thing or two.  The scars on my back are from arrows taken in the trenches of digital mayhem. This bedlam was caused by such things as bosses wanting to be on the bleeding edge, to software not ready for prime time, been there done that.

Free antivirus software is not worth what you pay for it!  

The best security software is going to have a price or cost to it.  Why?  It takes many engineers, coders, and much research to create and maintain a massive program like anti-virus software.  Who is going to do that for free?  More importantly, why?

While someone might write an app for free, to get their name out there; anti-virus software takes a village.

Much like hiring someone to sell your home, you don’t hire someone who does it part time or as a hobby. If you want to get something done, give it to a busy person.  If you want to sell your home, hire someone who’s lively hood depends upon them being successful.  You want a secure computer, hire or purchase the product with the most to lose if it fails.

There is much more to the process of considering which product to purchase but, free is not a reason.  I would argue that free is a cause to eliminate that choice.

The reality is that the internet has become the wild west.  The bullet that finds you can come from almost anywhere. Every company that uses computers should have a security officer.  His or her job should be to focus their attention on threats out there and the best way to keep them from affecting that company.

I find it surprising that politicians are screaming about Russian hacking of our computers.  What the hell do you expect?  You just assume that someone with a certification gives a damn!?

What worked in 1982 does not work now.  Having a “PC Wizard, or your grandchildren” working for you is tantamount to a trapeze act, blindfolded and working without a net.  Insurance companies and credit card companies are now aware of this and demanding your strategies to be secure in the world of cyber threats.  They should audit you, and they should hire folks like me who know what to look for.

White Hat hacking allows us an inside look at what one might expect.  We learn many ways to infiltrate a company.  The same applies to the TSA in homeland security.  While I would probably choose a job to be that guy that test the security systems of the homeland, airports and such, it is much easier to check companies.

The first thing I must do is understand you.  More importantly, know that entity many of us in the biz call “users.”

Too many infiltrations are accomplished with something called click bait.   “Ten pictures that should never have been made public…” With half a picture of some scantily clad woman visible, how many will click?

Human nature dictates men will want to see what the camera saw. “Boom, you’re infected.”

Good antivirus software will stop any activity created by software manipulation but, the caveat or keyword there is “good.”  What if you bought the bargain basement software or just used the free stuff?

For the coders to write the fix, someone must fall prey to it, report it, and then they must institute a fix.  That is why Software of this type is never static.  Updates are consistent and often.  New threats are released hourly.  To run a company dedicated to this is no small task.

Maybe you own a plant which produces widgets.  Your widgets are better than others, and your competition wants the skinny.  You hired someone like me for your IT manager or CIO so they cannot get in through your firewalls.  Your safe, or so you think.  Industrial espionage is rife in the competitive world of gadgets and widgets.  If I want in bad enough, I will contract one of my guys to write a program that will hide on a computer until certain key phrases are typed, and then it will activate.

“Wait, you said my firewall is secure, Fort Knox secure!”

“Why yes I did, so I am going to place this little program on a thumb drive and…I am going to put some naughty pictures on it with some commercial looking writing on the outside of the device to make the person who picks it up from the parking lot where I dropped it, think that they have something juicy.”

Possibly just tossing a thumb drive out the window of my car near the parking lot with a few files on it, and the Trojan would be enough to get me into your network.  I will purchase some chrome colored or fancy looking thumb drive to be sure that it is spotted.  I will know when the landscape folks work, so I make sure and plant it after they have done their thing so that one of your employees will find it.

Maybe I send one of my spies out to places that your guys eat and leave the drive on the table by the ashtray or the salt and pepper shaker at the table they eat every week on a given day and time.

Possibly I get one of my people inside your company, hired by you.  They install some remotely controlled program like Team Viewer on their PC and Viola; you are hacked.

Because your IT guy is so sure that his firewall is good enough, or your engineers are so demanding that he left the USB ports open for use by them, with lax policies he leaves your company vulnerable too.

How do we stop the threats?

One way we do this is with training.  Every employee should sit through CE training on the essential use of the corporate computers.  This is information that they can bring home and share.  Education is by far the best tool one can have in their arsenal.

All of the policies are trumpeted for them to hear and before they leave they sign a document saying they will adhere to them.  With it harder and harder to fire people these days, that too is one more tool in your belt.  Good employees, you want to keep, those that prove lacking, they need to go.

I could easily make the argument that good computing practices are patriotic.  I could certainly apply this to purchasing respectable anti-virus software and creating policies and procedures that protect your business but, the bottom line is, in the end, it will save the company money.

I was making this argument to a CEO of a good sized company when he stopped me and said, but viruses help your bottom line too.

I argued that I would much rather use my time and talents to design safe environments for companies like his than put out fires.   It is considerably less expensive to install a good fire retardant system then to try and rebuild.  Yes, a metaphor for using robust best practice standards in computing vs. reacting to noise.

Noise is the result of a problem created by an event that was unplanned or caused by employee error.

A good security person is somewhat paranoid and is always asking, what if?  I do this in disaster recovery scenarios balancing those “what if’s” against statistics and a risks assessment.

With proper education, we can mitigate the employee errors.  Using proper procedures and policies, we can diminish the unplanned events, i.e. viruses or other malicious code.

When I run into companies that think free antivirus software is adequate, it makes me a little crazy.  If they are a public company, trust me, I will not purchase their stock.  Flirting with disaster out of sheer frugality or ignorance is idiotic.

If you keep your guys around because you like them, think again.  I may love some folks, but I would not hire them for certain positions if I could find someone better.  I don’t have to like you, for you to work for me.  If you are the best person for the job, you get the job.  P&L trumps feelings!  Feelings can be costly and can be a liability.  Logic in business is your ally.  Logic must always be forefront when making business decisions.

I have walked away from companies who have their kids working for them.  By hiring the children, you open yourself up to losses that could be untold.  One company had their children not doing the paperwork necessary to complete the task, thus losing money in that department.  Hiring me to do an analysis, it did not take long to find the problem.  I fired her children after trying to work with them.  I kid you not one of them actually cried in my office after telling him time after time he must do all of the job.  A grown man crying!  There is no crying in IT.  Either perform the work or get the hell out!  Either do all of the job or learn to ask, “Do you want fries with that?”   Is that too tough?  I felt for the kid but, feelings do not dictate policy.

Do your kids a favor and don’t hire them.  The real world does not work that way so why in the world handicap them, and make them believe that it does?

Over the years there are best practices that have been created by time trusted procedures and policies.

Some are things like:

  • Hardware Asset management.
  • Software Asset management
  • Security both physical and digital

I could write a book on the subject, but I will spare you the details.

Today, now more than ever we must harden our networks.  We must have sound policies and procedures in place, and they must be adhered to.  Documentation is essential, and it must be updated.

I don’t relish firing people but, sometimes their people are the problem, and the CEO is so far removed from the process they just don’t know it.  If training can fix it, I am all for it.  Attitude too plays a crucial role in the process, and I will not tolerate a crappy attitude.  Life is too short, and the subject matter is too important.

I love the HR folks because often they are the gatekeepers, saving the CEO from disaster.  Good HR folks are worth their weight in silver.  Gold, maybe not, so let’s stick with silver. Worthy people are not that hard to find as many would have you believe.  Upright people are around, but they may not have everything that you are looking for immediately.

Instant gratification is an expensive luxury and can be elusive at best.  Where employees are concerned, I want to start with a “good foundation.”

We place certifications above character, and that is part of our modern day conundrum.

I hired a grocery store manager and trained him for a job in IT.  He had little experience in the job I hired him for, so why did I hire him?

He had the right attitude and wanted to learn.

I had the time to train him.

The money used for training him was penny’s compared to hiring exactly what I was looking for.

He did not have the bad habits that come with so many “experts”  with the certifications, and their egos.

He ran a grocery store and let me tell you; he was not afraid of work!

Back in the day, we had interns or apprentices.  Folks, we need to look carefully at that once again.  I have hired many over the years that had the right attitude and the skill set to learn.  American people are out there struggling, and we won’t give them a chance.  Why?  Instant gratification.  We need someone who can step into the job right now, and we run with minimum employees because of what?  Because it is so expensive to have employees.

That is one of the things we need to push back on Congress and health care to fix, but the reality is, internships and apprentices I think are essential to finding and creating good employees.

Every job fair that I go to has thousands of workers looking for work.  If you can’t find them, you are not looking!  I spot good employees daily.  There are times I would love to go work for a recruiter just because I can spot talent!

Are they the exact racehorse ready for the Derby today?  Maybe not, but can they be trained?  There are virtual diamonds in the rough everywhere, looking for a chance! We are begging to bring in more H1B folks instead of taking care of our own.  That is not very damned patriotic if you ask me!

Our schools are a disaster in my opinion.  In speaking with college graduates today, I am frequently amazed at just how ignorant and totally out of touch with reality that they are.  Someone somewhere screwed them to the tune of tens of thousands of dollars for an education that is worthless.  When they think voting for a socialist is a good idea, they were screwed by their college and should demand their money back!

Today we have kids tens of thousands of dollars in debt, and they cannot find a job.  I know of several college grades making much less than $15 an hour.  Our educational system needs an overhaul.

As quickly as a company can get a process documented and packaged, they send it overseas via a VPN over the internet, sending jobs out of the country.

Trades are being overlooked for white collar jobs which are going the same way.  IT jobs are vanishing in the states.  Virtual IT shops are set up in some foreign country, hiring an English speaking American to act as a liaison between them and their Indian or other counterparts.  With an American point of contact, it is then up to the American to manage the folks in another country who speak little English, making little money, to be the IT shop for these American companies.  This same person puts an American face on their business while working with their client managing the “noise.”

“Do you see any security risk there?”

You have no clue where your intellectual property is going or who is seeing it.  Maybe you have a contract but so what.  Much like HIPAA was created to protect your health information, do you honestly feel as if your information is secure?  If you do, you are fooling yourself.  Read the documents you sign when you visit the doctor.  You sign things saying that your information is protected and then you sign a document which pretty much gives them a pass to do whatever they want to do with your information.  Smoke and mirrors.

Doctors and hospitals are hacked and the information is stolen all too often.  Why?  How?  Piss poor planning on someone’s part. Using some cheap method to get things done perhaps?

Your contract with your Virtual IT company is as worthless as the paper it was printed on.  Yes, that deal might make you feel better but, know if you are a developer, someone in some other country has your work and if they can use it, they will.

I want to touch on Software Asset Management as it is germane to this subject.  All of the subjects are salient, but that one, in particular, is in the case of security.

There are tools which you can use to inventory every program on every PC.  Why?  Why would you want to do this?

Licensing of software is an issue, but more importantly, you should want to know what is on those PCs.  The first time I did this for a company I was struck with the reality of the sheer number of programs designed for remote control of a PC, that was active.

In this world we live in, corporations can ill afford to have the wild west inside their computer networks.  Besides the games and other foolishness that was identified, the risk to the infrastructure was phenomenal. The company is liable for every program on their PC’s, no matter who put it there.  If they are audited for their licenses, and someone like myself does an audit and finds them, they must then produce that license.  Can you?  Can you put your hands on all of your licenses?

Ignorance is no excuse!

Having been part of the evolution of the business process, dating back to the secretary and the typewriter to current day, I have seen the learning curve first hand.  Fighting the first virus on a network before there was anti-virus software; asking “what if” became second nature.

Back when Gregg shorthand was used, a business letter cost an average of $100.00 back then.  Now we type out e-mails with the ease of few keystrokes and dictation is a thing of history.  Technology has improved the business process, but the bad guys have found a way to make it interesting.

The very tools we use to make our lives easier are under constant threat by evil forces that look for ways to extort money or steal your property either through the exploitation of your network, or your employees themselves.

We use the cloud as if it were a hard drive in some vault in our closet.  We send information to the cloud without a clue where the cloud is and who has access to it.  Why we don’t encrypt that data before it leaves our computers is beyond me.  If I were a villain, I would be looking for ways to infiltrate the “cloud.”

“What if?”

The opinions expressed are my own as well as the intellectual value of the information put forth for your consumption.

© All Rights Reserved 2017

 

Advertisements
Netflix Scam

Netflix Scam

 

No Netflix is not the problem, a phishing scam, however, is out that you should be aware of.

Since so many of us now receive our entertainment over the internet, it is a good gamble that you might have Netflix.

Again many of us have it set up to bill once a month from some sort of banking institution whether it be your bank, credit card or PayPal. The e-mail looks like it came from Netflix until you look a little closer at the sent from.

Netflix AT dallas180.arvixeshared.com  (don’t e-mail to it…)

You will notice it is not Netflix.com

The message is telling you that they were unable to get your payment info and if you don’t update the info soon you will lose Netflix.

Then, of course, there is a link that they want you to follow.

God only knows how many will fall for this. Considering it was sent to tens of thousands you can bet a percentage will click and update. Always check to see that the sending e-mail is legitimate. IE Netflix.com and, hover over the link and make sure it stays Netflix.com and not something like I posted.

If you question it at all, call the institution or get online, not following any link from an e-mail and check for yourself. Once they get money from your account, if that is indeed their ploy it will be gone. The ploy could simply be to get you to click so they can put some sort of virus or cookie on your computer. E-mail is an excellent way to get infected, and because the scheme requires input from you, your protection might just allow it.

Practice safe computing… -Best

 

The latest method of attack. #DisasterRecovery

The latest method of attack. #DisasterRecovery

 

As a matter of course, I try not to post too much about computer security, as I am certain that most have seen this before.

We know not to open attachments that are not expected as well as have good anti-virus software updated and running at all times.

This morning I received a different type of threat that I thought worth sharing, so here it is.

With the usual jargon about some sort of violation or someone suing me for something, open the attachment to see what it is, this was different.

The words included were, “for your security we use dropbox for the evidence against you. Please follow the link and respond within 3 days or a summary judgement will be made.”

Of course, the return e-mail address is bogus; the trick is to get me to open an attachment in this case on dropbox.  Once downloaded there is no telling what it would do but, most certainly nothing good.

No law enforcement or government agency would work in this way even if you were expecting something from someone in this manner; it would not come in from e-mail.

Unless you are expecting it and the e-mail address is correct only then would I make a call before opening anything as an attachment.

Ransomware is working with hospitals and even government agencies paying the perpetrators, which causes them to continue with more fervor.

 

ransomware.jpg
You do not want to see this so, practice safe computing.

 

Practice safe computing which includes a good disaster recovery plan.

 

-Best

(c) All Rights Reserved 2016

 

#Ransomware

#Ransomware

 

Just this morning I wrote about this topic; this afternoon we learn that a California hospital was hacked.

Ransomware.jpg
You see this and you are screwed… 

Firstly, someone executed that ransom-ware in an e-mail or some other way. The payload most probably came in as an attachment through a phishing scheme, like the one that I wrote about.

  • Secondly, this tells me that they do not have a good disaster recovery plan.
  • Thirdly, this tells me that their firewalls were inadequate to block “zip” files.
  • Firewalls should be set to strip any attachments from messages. 

“You say, oh that is just great, my business uses attachments all the time!”

Most probably, attachments could be directed to a virtual machine, much like a bomb disposal box, where it could be executed in such a way that if it were a virus or worse its damage would be mitigated.

Fourth, what kind of anti-virus were they using? Were they using group policies stopping the execution of executable s?

Someone on his or her IT team messed up, and it starts with the “CIO!”

The bottom line is you never want to be a position where you have to pay money to terrorist.  Folks, make no mistake, people who extort money like that are terrorist.

I would be doing a serious root cause analyses to see how it happened, and why they paid the ransom.

The news tonight said it happened on the 5th.  Are you telling me that a hospital being down for 13 days cost less than a good disaster recovery plan and of course an audit of your system?

Do not open attachments that you are not expecting and if you are, make damned certain it is what you are looking for.

It might be a real good idea to keep a standalone pc that employees take their files to on a thumb drive and open it there.

Once infected you options are, pay the ransom or start from scratch.

cryptolocker-screenshot2.jpg

With a tested DR plan, you could be back up a lot sooner than being at the hands of the terrorist.

Lastly and I cannot stress this enough, don’t get cheap on your anti-virus software.  MailWareBytes has been working on software to mitigate this threat.

You would be surprised at the companies that I run into who use the cheapest damned software that they can find.  Often Free!  Whoever does this should be dismissed as they clearly dont value your data or your company.  This is a hill to die on folks.

You can take the cheapest CFO and argue or “negotiate” the need for the expense, or you should not be there.

Excuse me but that is like living in a high crime area using using a bathroom lock set for your protected, you know the kind, the one you stick a small pin in to unlock it…

To recap…

  • Education
  • prevention
  • disaster recovery plan

 

-Best

© All rights reserved. 2016

 

 

 

 

 

#fedex #phishing #Scam

#fedex #phishing #Scam

FedEx Scam

Every now and then a phishing scheme catches my attention.  Usually we know that there are no Nigerians that want to give you millions of dollars. Some fall prey to this each and every day hence the e-mails.

  • We know that the IRS does not E-mail you with important notices.
  • We should know that Inga from Russia is really not hot for you when you click on the file that contains her personal contact information.  Unless of course you personally know an Inga who is hot for you, best not click.
  • “Overdue Invoices” click here for details probably should be suspect as well.

This one came today which interested me in that we do so much with Amazon and Woot and of course eBay that we have no idea if there is really a package or not.

fedex scam
Capture of e-mail…

The picture here is a copy of a phishing scheme that unleash who only knows what on my computer if I were foolish enough to click on the attached Zip file.

Some clues to look for are the senders address… Eurafrik.org  If it were truly from FedEx most probably if would be from a fedex.com or something similar.

They provide a tracking number, which you might actually go to the FedEx site and see what it does, I suspect nothing.

Bottom line, do not click if you are not 100% sure that it is indeed legitimate.  The damage you unleash could be anything from a key logger to ransomware.

Always Always Always have really good anti-Virus software running and updated.  Currently I like ESET Node 32… That is my choice for now, but your mileage may vary.. Free anti-Virus software is not worth what you pay for it.

I have no affiliation with Eset or any other software company…

-Best

(c) All Rights Reserved 2016

 

RATS and Right to Privacy

RATS and Right to Privacy

rat

While some may find them cute and cuddly, and some, absolutely disgusting; this rat that I am speaking of is neither.

The rat that I want to educate about is really an acronym for Remote Access Trojan.

25ea188

Just about everything electronic today has a built in camera.  Not to mention a microphone.

webcam

Some smart TV’s actually have them built in to allow you to voice command the TV.

Smart-Tv-With-Built-In-Camera-1

Your car may very well have something like this built in.

Ford-SYNC-1024x640

I have long held that our government could if they wanted, under some obscure interpretation of the Patriot Act, access your camera and or microphone to peek into your home.  I have also thought that this could be done with the microphone and camera on most laptops and of course desktops that have them.

drones_hacking_phones-4

Not only is there news of the Feds hacking your cell phones and either listening in or downloading your contact list and other information through something called String Ray but there are theories that your local police may be doing this as well without a warrant!  (1)

sting ray

It is not enough that we may have our government spying on us without warrant but, we have Trojans that copy your keystrokes and send them to some server in Russia, or some other obscure third world country looking for passwords and banking information now we have RATS.

Today we know that perverted individuals out there have in fact used the cameras in laptops handed out by the school to indeed spy on kids in their bedrooms.  While this made the news, little attention was really paid to this, as conspiracy nuts are everywhere.

SCHOOL-SPYING

(2) The Case in question

We now know that the Chinese among others have created Trojans that allow them remote access to your camera and or microphone in your laptop!  Simply click on the wrong thing and the writer of the software has access to your machine.

One couple received a picture of themselves lying in bed watching a movie on Netflix.  This came to them from someone using a made up name, via their Facebook page.

couple-of-netflix

(3) Naked Security Story

You really have to be smart when you are cruising the internet and checking e-mail as the crooks and other creeps are smarter.  I have often said that these folks are probably kids sitting around in their mother’s basement in their underwear, writing Trojans, seeing who can outdo the other via groups like Anonymous.

anonymous-psn-hacker

I would like to see devices like phones have an actual on off switch or removable customer replaceable battery.  If you want to make certain that the thing is off, remove the power.  Apple has made this task about impossible for the everyday user and that is problematic.  Placing the device in airplane mode might be your closest bet to protecting your privacy but I would bet that there is a work around for that.

ga2wpmclsbjtjqufjed7

I would also like to see on off switches on cameras and microphones that absolutely can be switched off until required.

Screen-Shot-2012-03-26-at-5.26.26-PM

The simple truth is we have no idea what these phones are doing in the background and with viruses and Trojans, we have no idea when some remote access Trojan will activate or be activated by some creep in some basement somewhere.

Someone write an app that tells you what the phone is dong or has done.  

When you sit back and think that I am a crazy conspiracy nut, I would remind you of the porn scanners that are still in use at some airports today. 

full-body-scanner-image
Yes, if you invert the negative with any cheap software you get a positive…

Who in their right mind would think that it is ok to use ionizing radiation to undress the public by the tens of thousands for the purpose of what, looking for weapons?  We are so politically correct that we can’t profile but we can strip search the public, grope grandma and feel up children!  Political Correctness is a way to control the masses and not something that we should be doing as a people.  We have free speech, and other than yelling fire in a theater or threatening to kill someone, I would not surrender the first amendment for anything!

child-security

Did you read about the whistle blower who worked for the TSA and admitted that it was a big joke to watch people stripped of their clothing and then make remarks and jokes about what they saw? (4) (5)

tsa-choices1

If I could have any job in the world, currently it would be to be in some position of authority at the TSA! I would love to clean that bunch of people up and while I am at it, assist them with security as currently they are loath to do much right, of course it is the government so …. What do you expect?!  They need folks who think outside the box and currently they have a bunch of automatons.

radiation_spectrum non-ionising-radiation-3-638 microwave-oven-32-638 Radiation_-_Radiatii_ionizante_si_radiatii_neionizante

The news media commonly carried stories about the TSA scanner as equivalent to being at altitude for a couple of hours.  The lying bastards however did not tell the truth.  While pilots do suffer more cases of skin cancers than non-pilots as cosmic radiation is more intense at altitude, it is not the same as ionizing radiation.  

To further exacerbate the privacy issue you are undoubtedly aware that cameras are everywhere.  You must assume that wherever you are, or whatever you are doing, there may be a camera watching you. Every red light contains cameras that I maintain can and do look at people in cars collecting bio metric data, looking for who is doing what when.  These are not the low end cameras that you can buy on-line, these are high end cameras that have good quality optics.

traffic_camera9da284e64d164925bb9caa8a0868c89a

How about some of these cameras:

st-sony640-dvr
There is a wifi enabled camera in there. Have you seen these in your hotel room perhaps?

video-recorder-sunglasses-gadget-spy-camera-dvr smiley-spy-camera Spy-Camera_watch 140875,xcitefun-calculator-spy-camera2-450x357 spy-cameras-250x250

These are just a scant few.  These things are tiny and easily concealed. Assume that you have no privacy.  If you scratch it in public, chances are someone saw you.

DAKS - IDIS DirectIP surveillance images

Orwell was ahead of his time, and you my friends need to be aware of this, and act accordingly.

george-orwell-quotes-sayings-lies-truth-famous

(1) http://thehackernews.com/2015/04/police-spying-cell-phones.html

(2) https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

(3) https://nakedsecurity.sophos.com/2015/08/14/webcam-spy-sends-couple-photos-of-previous-nights-netflix-snuggle-session/

(4) http://mountainrepublic.net/2012/12/24/ex-tsa-screener-officers-laughing-at-your-naked-image/

(5) https://takingsenseaway.wordpress.com/2012/12/19/letter-from-a-passenger-what-really-happens-in-the-tsa-private-room/

-Best

© All Rights Reserved 2015

#Scam of the day… No time off for the Holidays #virus

In today’s e-mail there were several different scams from well known companies.  Most of them deal with “order status.”  Be wise about clicking on any of these things as most of them are fraught with danger… Yes DANGER….  The link could be as innocuous as some ad for Viagra or it could be a link to Cyber Locker or some other virus waiting to just ruin your day.

If you are not expecting something like that, don’t click it!

Have a good Monday!

Security update 11/8/14

The following is an update to the title page on Security

To underscore the need for security and for a security officer, Russia “as in the government thereof,” has been working to place a virus or trojan in the utility networks of this country.  Most probably this Trojan supplants a small piece of code that does something normal however it is waiting to be “Activated” when the time is right to something much more malevolent.

The government is being rather tight lipped about how the bug was discovered but, needless to say we have a big job on our hands to clean all of the systems of this bug.

Programmatically, a bit by bit comparison of each and every program and or file will need to happen to look for and isolate this bug.

Russia if it were so inclined could activate this “bug” which its intent would most certainly be to attack the power grid or other utility making them inoperable at a critical time.

There was show on TV with a similar scenario but here now we have the real deal.

Forensic computing allowed us to “see” that the infiltrations were coming from Russia during a typical 9 to 5 day over there; which implicates government workers.  Hackers are not 9 to 5 folks but rather those who burn the midnight oil and are able to work when the phone is not ringing and the world around them is at rest.

Those of you who were not alive during the cold war, well this is it only it once more but, is taking place in cyber space.

This is why it is patriotic to have your computer and associated networks hardened against such attacks.  This is also a real good reason to use anti-virus software that is not created or maintained by Russians, or any other world power that does not like Americans.

While I dislike the fact that this administration appears clueless on foreign affairs; and we are much worse off than just 6 years ago, the world is what it is.

Until this regime leaves office and adults take back the White House, you will need to take the necessary steps to secure your business networks as well as your home computers including your smart phones and other “smart” devices.

Remember the bug may be on your home computers waiting to be activated which could cause a DOS attack on some system somewhere.  Make certain that you use a program that is better than Microsoft Essentials or anything that is free.  Free anti-virus software is not worth what you pay for it! 

If you have any questions regarding this please don’t hesitate to ask.  If I don’t know the answer off the top of my head, most certainly others that read this blog will, or I will do my best get it for you.

-Best

c All rights reserved 2014

Virus for Macs, iPhones and Tablets?

While it is not unheard of, they are rare.  Today we learned that a virus has been unleashed to attack Apple products including Iphones, Ipads and of course anything running the MAC OS.

The Virus effects MAcs and Smartphones and I suspect was written for the Chinese as they have Jailbroken their phones and are downloading apps from other sources besides ITunes.

While one could speculate that such a virus that only affects those devices that are Jailbroken might be written to punish those that do this type of thing; or to discourage those who might want to do this, you would really have to be a conspiracy nut to think this way.

That would be like thinking that most viruses are written by the folks that make the antivirus programs.  Totally nuts…. right…nuts… why would they do that?….Crazy talk….!  Have you purchased antivirus software lately.  $50 and up for one year!  With millions of computers and millions more smartphones and tablets, those that write anti-virus software have a goldmine and a half!

To write viruses one must necessarily have intimate knowledge of the code that makes up the OS.  Likewise, if one wants to foil and antivirus program, one would need intimate knowledge of that code.

While I have no doubt that groups like the Russian Mob who made more money on hacking and getting information from people’s computers then selling drugs might find this work easier, some of these hacks are just crazy.

Who does this kind of thing?

I have Trend Micro for my phone and iPad and I update the OS after a short period of time that the new release has been tested by those a little more eager than I, you can still not be too careful.  While I would like apps on my phone that Apple will not host, I have not even thought about jailbreaking it.

If your secret family recipe for chocolate cake is on your phone, and you want it secure; you might want to look at Trend or some other anti virus software for your MAC products.   It is more than simple recipes however; people store all sorts of information on there including banking, health, credit card info, passwords for your online accounts, text messages, e-mails; all of which is vulnerable.

If you want to talk conspiracy, what if the bad guy wanted to listen in on your conversations; could the microphone be turned on, or worse yet, the camera?

How often do you find your smartphone warm to the touch and the battery almost exhausted and you have done nothing to get it that way?

There was a case not too long ago where some school sent kids home with laptops. Someone was turning on the built in cameras remotely and watching them in their home, bedrooms etc.  This was most probably and immature geek that lived in his mothers basement, or was it.

Folks, smart devices have tons of information including your coordinates down to a few feet!  If Apple does not make this thing where I can pull the battery; I am seriously thinking about going away from Apple to another type of smart phone that will let me A) pull the battery if I want to make certain that the thing is dead and B) change the battery “easily” when it no longer holds a charge!

The same is true of the tablet devices.  These toys are for my amusement, not for some “hacker” or twisted peeping tom to use for their entertainment or source of revenue.

-Best

c All rights reserved 2014

Ebola / Virus

After the death of the first Ebola patient in American today, one really has to look at this with an objective, forensic attitude. We need to take a  pragmatic approach when dealing with this.

Ebola came to this country via a man who became infected.  This man allegedly lied to get onto a plane and into this country to get medical help.  Further, when he knew that he was sick; he went to the hospital for help.  Not tipping his hand that he knew that he had contact with someone who had the disease, he told the people treating him that he had been in that area of the world, but did not offer up the fact that he indeed had contact with people who were victims of this outbreak.

The triage team missed his semi-obscure clue, misdiagnosed him, and sent him home with antibiotics, where he languished for a few days in an small apartment with other people.  The disease progressed to the point where this man had to go back to the hospital once again; this time by ambulance.

Had he been forthcoming on his first hospital visit, his outcome might have been better. The experimental drugs were showing signs of working.

Family members were exposed, paramedics were exposed, nurses and doctors were exposed.  People in the emergency room were exposed.  Anyone who came close to this person was exposed.

The clock is ticking, who next will show signs?  Was he contagious on the airplane? How about at any of the airports?

We now know that the virus can be viable for 6 (six) days on a surface. Any sneeze, blood, sweat, vomit or other bodily fluid from an infected person can contain this virus.

Today a man in Frisco Texas not feeling well went into a health clinic reporting symptoms of Ebola.  Are his symptoms psychosomatic? Did he just expose everyone in that clinic to his ailment? He is a deputy sheriff that was in the mans apartment.

This is how outbreaks start.  This is stage one.

The CDC really needs to amend their protocol in dealing with this for now.

Anyone who thinks that they have these symptoms “imagined or not,” should call 911 or some other special number where a CDC doctor will come to you, or they send a special ambulance to come get you.  Containment of this disease is paramount before it gets to stage two, or three. I would call on the CDC to change their protocol and make this happen before it is too late.

The simple facts are, we don’t fully know how virulent this virus is.  What we don’t know about this virus eclipses what we do know, and making mistakes now could cause the next pandemic.  People walking into clinics, doctors offices and alike who are infected, endanger the collective.

So what is a Virus?

It is interesting to note that a virus is neither dead, nor alive.  It does not eat, reproduce by itself nor defecate.  It is a parasite of sorts.  It contains genetic material that it “infects” a host cell with.  The host cell then is forced to do its dirty work.  The cell’s normal genetic instructions shut off, and it now creates proteins of a different sort, viral proteins, which make new viral particles.

The interesting thing about viruses is when they infect, they can obtain some of the host DNA in the process.  When the new virus’s proliferate into yet more cells, they may in fact bring with them some of the host original DNA.

MS and Hemophilia are two diseases which researchers believe are the result of this ‘transduction.”

Make no mistake; viruses are the original “replicators” (excuse the reference to Stargate).  These guys’ sole purpose is to reproduce or “replicate.”

Virus’s are either made up of DNA or RNA and are encased in something called a “capsid” which is made of protein and some also have an envelope which is made up of lipids.  One note of interest is that RNA viruses which make up 70% of all viruses mutate much more readily than DNA type Virus’s, due to the error rate of enzymes that are actually involved in the replication process.

“Look out Daniel Jackson!”  This must be where the writers of Stargate got their idea for the replicators… I digress…

Ebola is a member of the Filoviridae family of the RNA viruses.  Ebola can have a 90% mortality rate however; it should be noted that this number is derived from areas of the world with remote, substandard medical care / facilities.  This area of the world is filled with people who believe that this is a work of the devil; and frequently seek out their local witch doctor for assistance.  I am not being ugly, those are the facts.

We have a government that is downplaying this, and we have news agencies that are scaring the hell out of people, for ratings. Somewhere in this minutia, is the truth.

If this virus mutates to airborne, which it may already be; allowing unfettered access of people from that part of the world here in this country could be a huge mistake with dire consequences. All peoples from that part of the world should be quarantined until we get a handle on this outbreak in Africa. Their excuse might be, “who knew?”

The simple facts are we need to “Assume” that this disease is very catchy.  We need to assume that it can be spread by air, water, touch etc.  We need to assume that it can be spread by mosquitoes. Until there is hard scientific evidence that it cannot be, we need to assume that it can.  We need to assume that other animals including family pets can become carriers of this disease.  Assume the worst, and make your plans around it!

Update 10-14-14

Now with one of the care givers of Mr. Duncan testing positive for the Ebola virus, we have even more questions than answers.

How?

Immediately a breach of protocol was assumed.

It would be very interesting to examine the air handlers in that facility to see if there are any Ebola virus on any of the filtration systems or associated duct work, fans etc.

It was of particular interest to me that the ashes of the bedding and other things that were in Mr. Duncan s apartment are treated as hazardous waste, and being transported to a special facility for such, in Louisiana. Think about this for just a second.  Our government is telling us that one must come in direct contact with some bodily fluid of not only an infected individual but someone who is in the later stages of the disease; and yet we are not even comfortable with dumping the ashes in a regular landfill.

My guess is that there was no breach of protocol for the infected Nurse.  Again, there is more that we don’t know; than what we do about this disease.

Our heartfelt prayers are offered up to the caregiver who is affected.

This would be one prime use of robotics; we could remotely do what needs to be done via a robot, much like the robot assisted surgery that we have today. Our technology is probably not quite there yet but, I would call for some company that is already in such a field to get some “seed money” to make this happen faster, rather than at its usual pace.

Instead of sending humans into harms way; in this case highly infectious areas of the world, much less our own hospitals, we could send in a robot that was managed by a nurse.

If we can send a robot to Mars and have it do all sorts of scientific test, we should be able to come up with one that can do what needs to be done with extreme infectious patients.

Update 10/15/14

Another health care worker from Presbyterian Hospital in Dallas has tested positive for the virus.

This health care worker traveled by commercial air with at least 139 other souls, not to mention the crew of the airplane.

What did they do and where did they go?  Who were they in contact with?

What about the taxi that she took to the airport, how about the ticket agents, what about anyone who she may have had contact with in the airport(s), bathroom(s) eating establishments? Did she stay in a hotel? What about the maid who cleaned their room or the person(s) who handled the sheets / towels from the room? You folks who enjoy playing with fire are woefully unprepared for what you are doing.

If we are treating the ashes of Mr. Duncan s sheets and so forth as toxic waste, which Louisiana has now stated they will not allow it to come there for burial; should we not be all over this?

It seems to me that anyone who is a health care worker, working with Ebola patients, should be quarantined as well; until such a time that it can be proven that they are not a risk to the general population.   We cannot afford mistakes, unless of course you are looking to witness another pandemic here in this country.

We need to error on the side of caution and not hubris.  You clearly don’t know what you are doing.

Update 10/17/14

The two Ebola infected Nurses have made their way out of Texas to two hospitals that are better equipped to deal with the situation.  The Dallas Hospital has a lack of nurses now because so many of them are on “Ebola watch.”

The nurse, Amber Vinson, who flew to Cleveland on the 10th may have made some very bad decisions in taking public transportation. Flying commercial with a fever, knowing that you had been taking care of an Ebola patient who died of the disease is not very smart.   At least she had sense enough to call the CDC and ask if she should fly and they gave her the green light.  This is really common sense and she should not have even had to call and ask.  If the CDC indeed gave her the green light as reported, than we have bigger problems than a nurse lacking common sense.

Besides all of the people on the plan for that one plane ride from Ohio to Dallas, we have to consider that the plane went on to fly several different places that day, each time with 139 souls on board.

Keep in mind that a Virus is neither alive nor dead.  This talk about it being alive for X amount of hours is really not telling the truth.  They are depending upon your ignorance of the facts so you don’t ask the real questions.  Is the virus viable?  How long is the virus viable on a surface or in fluids?

I am thrilled that Nina Pham is doing better and getting good care.  My heart goes out to the nurses and doctors who are on the front lines, taking care of people.  Our thoughts and prayers go out to both of the nurses Nina and Amber Vinson.

It looks like Frontier Airline is going above and beyond to ensure the safety of their customers.  Miss Vinson’s decision to fly home was ill advised, and has already cost millions.  We have no idea what the future holds for all of the other people who could have been exposed to her illness. Anyone from ticket agents to baggage handlers to people in public restrooms to janitors to the folks that work the restaurants and anyone who sat in close proximately at the airports.  The next two weeks should have the CDC and most hospitals on pins and needles.

The CDC is flailing around with this and they truly need to get a grip.  Anyone treating Ebola patients should not be allowed to be in public transportation until they have passed a date that they could not be a carrier of the disease.  Compensate them for what they are doing but they have a greater responsibility to sequester themselves until they are deemed clear of the disease.

Flight bans from countries with this outbreak should be observed now.  While I am always perplexed by this administrations aversion to the truth or lack of common sense, their number one priority it so protect the American People.  We currently are not doing that.  Travel bans to and from these countries are just common sense.

Our southern border needs to be closed now!  If this disease gets into South America those folks will come here by hook or crook for medical care and I don’t blame them.  The issue is that they will come in such a way that we will not be able to trace them, evaluate them and quarantine them.  By the time they make it to some ER room, or clinic for help, we will have no clue how many others that will have become infected.

Look at the chaos we have for just one person who came here under false pretense!

This wont stop at our southern border, Canada will be in line for this too.

Rapid response teams should be created now to be able to assist those south of our border should the need arise.  Looking into the future, this is not that hard to foretell. If they don’t need the help, great; but if they do I would much rather take the battle there than have people crossing our border under the cover of night hoping to get some sort of medical care.

If you are a praying person; keep these two nurses in your thoughts and prayers.

Update 10/30/14

Both infected nurses recovered from the disease.  While we are grateful for their recovery the CDC was totally not prepared for this.  The total cost of this is of course unknown, and I am certain that the taxpayers are paying for this too.

We have a nurse who just came home from that area of the world who currently is not exhibiting any symptoms and also is not quarantining herself either.  Even though she is a nurse she is not taking any precautions and is out and about as she sees fit.  This is course is making the news nightly and I hope for her sake that she remains symptom free as she is playing fast and loose with more lives than her own.  She is in violation of the orders she has been given, to self quarantine and test her temperature twice daily, but it appears that thwarting the rules is her current plan.  As a nurse she should know better.

Recently leaked information from the White House documents the planning and logistics bringing non-citizen Ebola patients to this country for treatment.

I am not sure (A,) how something like this gets leaked and (B,) why anyone thinks this is a good idea!

If you truly want to get the patient together with our technology; how about sending a hospital ship over there?  If things get too far out of hand you only loose the ship and the “volunteers” that are manning it.  If things get loose over here well, who knows how far it will go.  Do you really want to risk a pandemic to the entire North American Continent? Since we are a very mobile people you very well might be risking a world wide pandemic!  Someone needs to pull their collective heads out!

The CDC has continuously displayed incompetence dealing with this.  Their Ebola CZAR is nowhere to be seen and knows nothing of this in the first place so, “from me to you,” why not mitigate the risk?

As far as this nurse in Main is concerned, I would lock her butt up until she passes the quarantine period.   She has crossed the line!  When you do that you get your freedom taken away.  When you endanger the public you get stopped.  That is the way it works!

I am in hopes that I can stop updating this thread as there is nothing to report.  Lets pray that is the case.

-Best

c All rights reserved 2014